diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-aad.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aad.yaml
new file mode 100644
index 00000000..54c36b40
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aad.yaml
@@ -0,0 +1,211 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ oidc-client-id: ${AZURE_SERVER_APP_ID}
+ oidc-groups-claim: groups
+ oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/
+ oidc-username-claim: oid
+ oidc-username-prefix: '-'
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ managedDisk:
+ storageAccountType: Premium_LRS
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks-clusterclass.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks-clusterclass.yaml
new file mode 100644
index 00000000..13b7e1e0
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks-clusterclass.yaml
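Review bot: In cluster-template-aad.yaml both `files` entries write `/etc/kubernetes/azure.json` with `permissions: "0644"`, so a file whose content comes from a Secret (`${CLUSTER_NAME}-control-plane-azure-json`, `${CLUSTER_NAME}-md-0-azure-json`) ends up readable by every local account on the node and by any workload that can reach that host path. If it carries the cloud-provider credentials, which the Secret source suggests but the hunk does not show, `permissions: "0600"` alongside the existing `owner: root:root` would be the tighter setting, after confirming that every component reading the file runs as root. The same mode is used in the azure-bastion, azure-cni-v1 and clusterclass templates added by this commit.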
@@ -0,0 +1,125 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: ${CLUSTER_CLASS_NAME}
+ namespace: default
+spec:
+ controlPlane:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedControlPlaneTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedClusterTemplate
+ name: ${CLUSTER_NAME}
+ workers:
+ machinePools:
+ - class: default-system
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-pool0
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedMachinePoolTemplate
+ name: ${CLUSTER_NAME}-pool0
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-pool1
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedMachinePoolTemplate
+ name: ${CLUSTER_NAME}-pool1
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedControlPlaneTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedClusterTemplate
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ template:
+ spec: {}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedMachinePoolTemplate
+metadata:
+ name: ${CLUSTER_NAME}-pool0
+ namespace: default
+spec:
+ template:
+ spec:
+ mode: System
+ name: pool0
+ sku: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedMachinePoolTemplate
+metadata:
+ name: ${CLUSTER_NAME}-pool1
+ namespace: default
+spec:
+ template:
+ spec:
+ mode: User
+ name: pool1
+ sku: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-pool0
+ namespace: default
+spec:
+ template:
+ spec: {}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-pool1
+ namespace: default
+spec:
+ template:
+ spec: {}
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks-topology.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks-topology.yaml
new file mode 100644
index 00000000..c78efb4b
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks-topology.yaml
@@ -0,0 +1,21 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ topology:
+ class: ${CLUSTER_CLASS_NAME}
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machinePools:
+ - class: default-system
+ name: mp-0
+ replicas: 1
+ - class: default-worker
+ name: mp-1
+ replicas: 1
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks.yaml
new file mode 100644
index 00000000..3f411230
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-aks.yaml 
@@ -0,0 +1,116 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ services:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedControlPlane
+ name: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedControlPlane
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ resourceGroupName: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: ${CLUSTER_NAME}-pool0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ metadata: {}
+ spec:
+ bootstrap:
+ dataSecretName: ""
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedMachinePool
+ name: ${CLUSTER_NAME}-pool0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedMachinePool
+metadata:
+ name: ${CLUSTER_NAME}-pool0
+ namespace: default
+spec:
+ mode: System
+ name: pool0
+ sku: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: ${CLUSTER_NAME}-pool1
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ metadata: {}
+ spec:
+ bootstrap:
+ dataSecretName: ""
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureManagedMachinePool
+ name: ${CLUSTER_NAME}-pool1
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedMachinePool
+metadata:
+ name: ${CLUSTER_NAME}-pool1
+ namespace: default
+spec:
+ mode: User
+ name: pool1
+ sku: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-azure-bastion.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-azure-bastion.yaml
new file mode 100644
index 00000000..31cbcea5
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-azure-bastion.yaml
@@ -0,0 +1,207 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ bastionSpec:
+ azureBastion: {}
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-azure-cni-v1.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-azure-cni-v1.yaml
new file mode 100644
index 00000000..fab81472
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-azure-cni-v1.yaml
@@ -0,0 +1,214 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ max-pods: "110"
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ max-pods: "110"
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ networkInterfaces:
+ - privateIPConfigs: 110
+ subnetName: control-plane-subnet
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ networkInterfaces:
+ - privateIPConfigs: 110
+ subnetName: node-subnet
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ max-pods: "110"
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-clusterclass.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-clusterclass.yaml
new file mode 100644
index 00000000..d85a122f
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-clusterclass.yaml
@@ -0,0 +1,239 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: ${CLUSTER_CLASS_NAME}
+ namespace: default
+spec:
+ controlPlane:
+ machineInfrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterTemplate
+ name: ${CLUSTER_NAME}-azure-cluster
+ patches:
+ - definitions:
+ - jsonPatches:
+ - op: add
+ path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/cluster-name
+ valueFrom:
+ variable: builtin.cluster.name
+ - op: replace
+ path: /spec/template/spec/kubeadmConfigSpec/files
+ valueFrom:
+ template: |
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: "{{ .builtin.controlPlane.machineTemplate.infrastructureRef.name }}-azure-json"
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ name: controlPlaneAzureJsonSecretName
+ - definitions:
+ - jsonPatches:
+ - op: replace
+ path: /spec/template/spec/files
+ valueFrom:
+ template: |
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: "{{ .builtin.machineDeployment.infrastructureRef.name }}-azure-json"
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ selector:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - ${CLUSTER_NAME}-worker
+ name: workerAzureJsonSecretName
+ workers:
+ machineDeployments:
+ - class: ${CLUSTER_NAME}-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterTemplate
+metadata:
+ name: ${CLUSTER_NAME}-azure-cluster
+ namespace: default
+spec:
+ template:
+ spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ natGateway:
+ name: node-natgateway
+ role: node
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlaneTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: replace_me
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: replace_me
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
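Review bot: The AzureClusterIdentity at the end of cluster-template-clusterclass.yaml sets `allowedNamespaces: {}`, which as I read the CAPZ API is the allow-all form: an empty object lets clusters in any namespace reference this ServicePrincipal identity, while only an omitted field denies by default. Since every object in the template lives in `default`, scoping it with `allowedNamespaces: {list: [default]}` would keep the identity from being borrowed by AzureClusters created in other namespaces of the management cluster. The same line appears in the aad, aks-clusterclass, aks, azure-bastion and azure-cni-v1 templates in this commit.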
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-dual-stack.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-dual-stack.yaml
new file mode 100644
index 00000000..1ba4b184
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-dual-stack.yaml
@@ -0,0 +1,240 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ cni: calico-dual-stack
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 10.244.0.0/16
+ - 2001:1234:5678:9a40::/58
+ services:
+ cidrBlocks:
+ - 10.0.0.0/16
+ - fd00::/108
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - cidrBlocks:
+ - 10.0.0.0/16
+ - 2001:1234:5678:9abc::/64
+ name: control-plane-subnet
+ role: control-plane
+ - cidrBlocks:
+ - 10.1.0.0/16
+ - 2001:1234:5678:9abd::/64
+ name: node-subnet
+ role: node
+ vnet:
+ cidrBlocks:
+ - 10.0.0.0/8
+ - 2001:1234:5678:9a00::/56
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "true"
+ cloud-provider: external
+ cluster-cidr: 10.244.0.0/16,2001:1234:5678:9a40::/58
+ cluster-name: ${CLUSTER_NAME}
+ configure-cloud-routes: "true"
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + 
namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd 
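Review bot: `/etc/kubernetes/azure.json` is written with `permissions: "0644"` in both `files` entries of this template (the KubeadmControlPlane and the md-0 KubeadmConfigTemplate), so content sourced from a Secret is readable by every local account on the node and by any workload that can read that host path. With the `type: ServicePrincipal` identity declared in the same template, the file presumably carries the client secret; the secret's content is not visible in the diff, so confirm that against the generated secret. If every consumer of the file runs as root, `permissions: "0600"` is the tighter setting. The same stanza appears in the aad, edgezone, ephemeral, flatcar and ipv6 templates in this commit.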
diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-edgezone.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-edgezone.yaml new file mode 100644 index 00000000..81e7a725 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-edgezone.yaml 
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + extendedLocation: + name: ${AZURE_EXTENDEDLOCATION_NAME} + type: ${AZURE_EXTENDEDLOCATION_TYPE} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + 
- contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-ephemeral.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-ephemeral.yaml new file mode 100644 index 00000000..105a0d9a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-ephemeral.yaml 
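Review bot: The AzureClusterIdentity at the end of this template sets `allowedNamespaces: {}`, which, as I understand the CAPZ API, permits AzureClusters in any namespace of the management cluster to use this service principal. On a management cluster shared between teams, anyone who can create an AzureCluster in any namespace could then provision with the credential. Every object in the template lives in `namespace: default`, so `allowedNamespaces: {list: [default]}` would scope the identity to what the template actually needs. The same stanza appears in the dual-stack, ephemeral, flatcar and ipv6 templates.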
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: 
Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-flatcar.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-flatcar.yaml new file mode 100644 index 00000000..201774a2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-flatcar.yaml 
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + overwrite: false + partitions: [] + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + 
additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + # Workaround for https://github.com/kubernetes-sigs/cluster-api/issues/7679. + storage: + disks: + - device: /dev/disk/azure/scsi1/lun0 + partitions: + - number: 1 + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + mounts: + - - etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + 
spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. 
+ After=containerd.service + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-ipv6.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-ipv6.yaml new file mode 100644 index 00000000..e6ec0b18 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-ipv6.yaml 
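Review bot: Both `preKubeadmCommands` entries in this template replace `@@HOSTNAME@@` with the output of `curl -s … | jq -r .compute.name` inside the `sed` expression, and nothing checks that the metadata request succeeded. If the call fails or returns an error body, the substitution is an empty string or the literal `null`, `sed` still exits 0, and kubeadm runs with that value as the node name. Resolving the name in a separate step that fails on an HTTP error or a null result (`curl -f`, `jq -e`) before `sed` runs would stop the bootstrap instead. Any shell variable introduced for that probably needs escaping from clusterctl's `${VAR}` substitution, which is worth checking.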
@@ -0,0 +1,256 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + bind-address: '::' + cloud-provider: external + cluster-cidr: 2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + scheduler: + extraArgs: + bind-address: '::' + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + 
extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity 
+metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + controllerManager: + extraArgs: + bind-address: '::' + scheduler: + extraArgs: + bind-address: '::' + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: '[fd00::10]' + name: '{{ 
ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-machinepool-windows.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-machinepool-windows.yaml new file mode 100644 index 00000000..0861baa2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-machinepool-windows.yaml 
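Review bot: The kubelet `cluster-dns` value is written two ways in this template: `cluster-dns: fd00::10` in the KubeadmControlPlane `nodeRegistration` blocks and `cluster-dns: '[fd00::10]'` in the md-0 KubeadmConfigTemplate. The flag takes IP addresses, so the bracketed form on workers is likely not parsed as one. Confirm how the kubelet treats it and use `cluster-dns: fd00::10` in both places. Separately, the md-0 KubeadmConfigTemplate carries a `clusterConfiguration` block setting `bind-address: '::'` for apiServer, controllerManager and scheduler, which probably has no effect on a worker join; a comment saying why it is there, or removing it, would avoid confusion.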
@@ -0,0 +1,288 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + 
osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + annotations: + runtime: containerd + windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + location: ${AZURE_LOCATION} + template: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: 
Windows + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: + - powershell c:/create-external-network.ps1 + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-machinepool.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-machinepool.yaml new file mode 100644 index 00000000..b337dc5a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-machinepool.yaml 
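Review bot: `allowedNamespaces: {}` on the AzureClusterIdentity in this hunk lets AzureCluster objects in any namespace use the service-principal identity, because CAPZ reads an empty object as "all namespaces" and only an absent field as "none". Every resource in this template is created in `default`, so the identity could be scoped to it with `allowedNamespaces: {list: [default]}`. The same setting appears in the cluster-template-machinepool.yaml, cluster-template-nvidia-gpu.yaml, cluster-template-private.yaml and cluster-template-windows.yaml hunks. If these files are verbatim copies of the upstream v1.12.3 release assets, which the path suggests but the diff does not confirm, the restriction belongs in the overlay or variables that render them rather than in the copy.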
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + osDisk: + diskSizeGB: 30 + managedDisk: + 
storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-nvidia-gpu.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-nvidia-gpu.yaml new file mode 100644 index 00000000..4ced5e04 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-nvidia-gpu.yaml 
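Review bot: `/etc/kubernetes/azure.json` is written with `permissions: "0644"` in both the control-plane and the worker `files` entries of this hunk, so every local account on the node, and any workload that can read that host path, can read it. The content comes from the `*-azure-json` secrets, which are not visible in the diff; with the `ServicePrincipal` identity declared in the same template the file may carry the client secret. `permissions: "0600"` next to the existing `owner: root:root` would be the tighter default, provided every component that reads the file runs as root. The same `files` entries appear in the other template hunks of this diff.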
@@ -0,0 +1,206 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + 
infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-private.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-private.yaml new file mode 100644 index 00000000..031b6c98 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-private.yaml 
@@ -0,0 +1,219 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + apiServerLB: + name: ${CLUSTER_NAME}-internal-lb + type: Internal + controlPlaneOutboundLB: + frontendIPsCount: 1 + nodeOutboundLB: + frontendIPsCount: 1 + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - 
device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - if [ -f /tmp/kubeadm-join-config.yaml ] || [ -f /run/kubeadm/kubeadm-join-config.yaml + ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io apiserver' >> /etc/hosts; + fi + preKubeadmCommands: + - if [ -f /tmp/kubeadm.yaml ] || [ -f /run/kubeadm/kubeadm.yaml ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io + apiserver' >> /etc/hosts; fi + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + 
clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-topology.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-topology.yaml new file mode 100644 index 00000000..28ad70f5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-topology.yaml 
@@ -0,0 +1,23 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + containerd-logger: enabled + csi-proxy: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template-windows.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template-windows.yaml new file mode 100644 index 00000000..f7104d26 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template-windows.yaml 
@@ -0,0 +1,293 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + annotations: + runtime: containerd + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + template: + metadata: + annotations: + runtime: containerd + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Windows + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: |- + Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + v: "2" + windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: [] + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.12.3/cluster-template.yaml b/files/cluster-api-provider-azure/v1.12.3/cluster-template.yaml new file mode 100644 index 00000000..185ecdb9 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/cluster-template.yaml 
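Review bot: The `C:/defender-exclude-calico.ps1` entry in the Windows KubeadmConfigTemplate adds Defender process exclusions for `calico.exe` and `calico-ipam.exe`, and nothing in the template records why or limits who can write to `C:/opt/cni/bin`. Files opened by an excluded process skip real-time scanning, so the exclusion is only as trustworthy as the ACL on that directory. A comment above the `files` entry would make the trade-off reviewable, for example `# Defender process exclusion for the Calico CNI binaries; C:/opt/cni/bin must stay writable by Administrators/SYSTEM only`, and the reason for the exclusion should be confirmed against the upstream flavor. The cluster-template-machinepool-windows.yaml hunk carries the single-binary variant of the same script.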
@@ -0,0 +1,205 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.3/infrastructure-components.yaml b/files/cluster-api-provider-azure/v1.12.3/infrastructure-components.yaml
new file mode 100644
index 00000000..270a37c0
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.3/infrastructure-components.yaml
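Review bot: `allowedNamespaces: {}` on the AzureClusterIdentity at the end of the cluster-template.yaml hunk lets AzureClusters in any namespace reconcile with this ServicePrincipal; the AzureClusterIdentity CRD description added in infrastructure-components.yaml in this same commit states that an empty object means the identity can be used from any namespace. The cluster-template-aad.yaml hunk carries the same setting. Every object in the template is created in `default`, so scoping the identity with `allowedNamespaces:` followed by `list: [default]` would keep the credential usable only from that namespace. Separately, `/etc/kubernetes/azure.json` is written from a Secret with `permissions: "0644"`; if that file carries the service principal secret, `"0600"` would be the tighter mode, which should be confirmed against whatever reads the file on the node. These files look like vendored upstream release assets, so the change may belong in an overlay rather than in the copied template.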
@@ -0,0 +1,48680 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + pod-security.kubernetes.io/enforce: privileged + name: capz-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusteridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterIdentity + listKind: AzureClusterIdentityList + plural: azureclusteridentities + singular: azureclusteridentity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type of Azure Identity + jsonPath: .spec.type + name: Type + type: string + - description: Time duration since creation of this AzureClusterIdentity + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterIdentity is the Schema for the azureclustersidentities + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterIdentitySpec defines the parameters that are + used to create an AzureIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify the namespaces + the clusters are allowed to use the identity from. Namespaces can + be selected either using an array of namespaces or with label selector. + An empty allowedNamespaces object indicates that AzureClusters can + use this identity from any namespace. If this object is nil, no + namespaces will be allowed (default behaviour, if this field is + not provided) A namespace should be either in the NamespaceList + or match with Selector to use the identity. + nullable: true + properties: + list: + description: A nil or empty list indicates that AzureCluster cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: "Selector is a selector of namespaces that AzureCluster + can use this Identity from. This is a standard Kubernetes LabelSelector, + a label query over a set of resources. The result of matchLabels + and matchExpressions are ANDed. \n A nil or empty selector indicates + that AzureCluster cannot use this AzureClusterIdentity from + any namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: ClientID is the service principal client ID. Both User + Assigned MSI and SP can use this field. + type: string + clientSecret: + description: ClientSecret is a secret reference which should contain + either a Service Principal password or certificate secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + resourceID: + description: ResourceID is the Azure resource ID for the User Assigned + MSI resource. Only applicable when type is UserAssignedMSI. + type: string + tenantID: + description: TenantID is the service principal primary tenant id. + type: string + type: + description: Type is the type of Azure Identity used. ServicePrincipal, + ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal + or WorkloadIdentity. 
+ enum: + - ServicePrincipal + - UserAssignedMSI + - ManualServicePrincipal + - ServicePrincipalCertificate + - WorkloadIdentity + type: string + required: + - clientID + - tenantID + - type + type: object + status: + description: AzureClusterIdentityStatus defines the observed state of + AzureClusterIdentity. + properties: + conditions: + description: Conditions defines current service state of the AzureClusterIdentity. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureCluster + listKind: AzureClusterList + plural: azureclusters + singular: azurecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.resourceGroup + name: Resource Group + priority: 1 + type: string + - jsonPath: .spec.subscriptionID + name: SubscriptionID + priority: 1 + type: string + - jsonPath: .spec.location + name: Location + priority: 1 + type: string + - description: Control Plane Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Time duration since creation of this AzureCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
description: AzureCluster is the Schema for the azureclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud: + \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than the default + must also be accompanied by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. ASO currently + does not support referring to multiple different clouds in a single + installation. The following fields must be defined in the Secret: + - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. 
\n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to the Bastions + in the cluster. + properties: + azureBastion: + description: AzureBastion specifies how the Azure Bastion cloud + component should be configured. + properties: + enableTunneling: + default: false + description: EnableTunneling enables the native client support + feature for the Azure Bastion Host. Defaults to false. + type: boolean + name: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create an + Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated with + the object. + properties: + tag: + description: 'Tag specifies the value of the IP + tag associated with the public IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag type. Example: + FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + sku: + default: Basic + description: BastionHostSkuName configures the tier of the + Azure Bastion Host. Can be either Basic or Standard. Defaults + to Basic. + enum: + - Basic + - Standard + type: string + subnet: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. 
READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of + the IP tag associated with the public + IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag + type. Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the + private endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set + it true when the network admin does not have access + to approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP + addresses for the network interface associated + with the private endpoint. They have to be part + of the subnet where the private endpoint is linked. 
+ items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service + connection associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint should + connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. 
+ properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination IP range. + Asterix '*' can also be used to match all + source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. + type: string + destinationPorts: + description: DestinationPorts specifies the + destination port or range. Integer or range + between 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + direction: + description: Direction indicates whether the + rule applies to inbound, or outbound traffic. + "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before + higher numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to + match all source IPs. Default tags such as + 'VirtualNetwork', 'AzureLoadBalancer' and + 'Internet' can also be used. If this is an + ingress rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. 
+ Asterix '*' can also be used to match all + ports. + type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional set of configuration + values that can be overridden in azure cloud provider config. This + is only a subset of options that are available in azure cloud provider + config. Some values for the cloud provider config are inferred from + other parts of cluster api provider azure spec, and may not be available + for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized by creating + the secret beforehand. CloudProviderConfigOverrides is only used + when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config options. 
+ properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit configuration + for a particular kind of resource. Eg. loadBalancerRateLimit + is used to configure rate limits for load balancers. This + eventually gets converted to CloudProviderRateLimitConfig + that cloud-provider-azure expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly because + floating point values are not supported in controller-tools. + See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate limit config + options. 
+ properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. It is not recommended to set + this when creating an AzureCluster as CAPZ will set this for you. + However, if it is set, CAPZ will not change it. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains in the cluster''s + region, used to restrict eligibility to host the control plane. + A FailureDomain maps to an availability zone, which is a separated + group of datacenters within a region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity to be + used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the control-plane + load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration for the + control-plane outbound load balancer. This is different from + APIServerLB, and is used only in private clusters (optionally) + for enabling outbound traffic. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the node + outbound load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' 
+ type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name for the + Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access + to approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. 
+ items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of + the group(s) obtained from the remote resource + that this private endpoint should connect + to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". 
+ enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies the destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + direction: + description: Direction indicates whether the rule + applies to inbound, or outbound traffic. "Inbound" + or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before higher + numbers. Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol type. + "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to match + all source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. 
+ type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's address + space, specified as one or more address prefixes in CIDR + notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the virtual network. + READ-ONLY + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + peerings: + description: Peerings defines a list of peerings of the newly + created virtual network with existing virtual networks. + items: + description: VnetPeeringSpec specifies an existing remote + virtual network to peer with the AzureCluster's virtual + network. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies VnetPeeringProperties + for peering from the cluster's virtual network to + the remote virtual network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of the remote + virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group name + of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies VnetPeeringProperties + for peering from the remote virtual network to the + cluster's virtual network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. 
+ type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + subscriptionID: + type: string + required: + - location + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster. + properties: + conditions: + description: Conditions defines current service state of the AzureCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains specifies the list of unique failure + domains for the location/region of the cluster. A FailureDomain + maps to Availability Zone with an Azure Region (if the region support + them). An Availability Zone is a separate data center within a region + and they can be used to ensure the cluster is more resilient to + failure. 
See: https://learn.microsoft.com/azure/reliability/availability-zones-overview + This list will be used by Cluster API to try and spread the machines + across the failure domains.' + type: object + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterTemplate + listKind: AzureClusterTemplateList + plural: azureclustertemplates + singular: azureclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterTemplate is the Schema for the azureclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. 
+ properties: + template: + description: AzureClusterTemplateResource describes the data needed + to create an AzureCluster from a template. + properties: + spec: + description: AzureClusterTemplateResourceSpec specifies an Azure + cluster template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\" + - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than + the default must also be accompanied by corresponding changes + to the aso-controller-settings Secret to configure ASO to + refer to the non-Public cloud. ASO currently does not support + referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to + the Bastions in the cluster. + properties: + azureBastion: + description: AzureBastionTemplateSpec specifies a template + for an Azure Bastion host. + properties: + subnet: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. 
+ items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to + this subnet. + items: + description: PrivateEndpointSpec configures + an Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration + is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName + specifies the network interface name associated + with the private endpoint. + type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if + the connection approval needs to be done + manually or not. Set it true when the + network admin does not have access to + approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of + the private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. + They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. 
+ properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID + specifies the resource ID of the + private link service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of + the remote resource with the private + endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. + Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this + rule. Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be + used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. 
Asterix + '*' can also be used to match all + ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules + are processed in priority order, with + lower numbers processed before higher + numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the + protocol type. "Tcp", "Udp", "Icmp", + or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' + can also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the + subnets. + items: + description: ServiceEndpointSpec configures + an Azure Service Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional + set of configuration values that can be overridden in azure + cloud provider config. This is only a subset of options + that are available in azure cloud provider config. Some + values for the cloud provider config are inferred from other + parts of cluster api provider azure spec, and may not be + available for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized + by creating the secret beforehand. CloudProviderConfigOverrides + is only used when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config + options. + properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit + configuration for a particular kind of resource. Eg. + loadBalancerRateLimit is used to configure rate limits + for load balancers. 
This eventually gets converted + to CloudProviderRateLimitConfig that cloud-provider-azure + expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly + because floating point values are not supported in + controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate + limit config options. + properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit + spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains + in the cluster''s region, used to restrict eligibility to + host the control plane. A FailureDomain maps to an availability + zone, which is a separated group of datacenters within a + region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to + Azure network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the + control-plane load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration + for the control-plane outbound load balancer. This is + different from APIServerLB, and is used only in private + clusters (optionally) for enabling outbound traffic. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. 
+ format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the + node outbound load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name + for the Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. + items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to this + subnet. + items: + description: PrivateEndpointSpec configures an + Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration is + included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. They + have to be part of the subnet where the + private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. 
Node, + ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. + Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be used + to match all source IPs. Default tags + such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. Asterix + '*' can also be used to match all ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules are + processed in priority order, with lower + numbers processed before higher numbers. + Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". 
+ enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can + also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also be + used to match all ports. + type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an + Azure Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual + network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's + address space, specified as one or more address + prefixes in CIDR notation. + items: + type: string + type: array + peerings: + description: Peerings defines a list of peerings of + the newly created virtual network with existing + virtual networks. + items: + description: VnetPeeringClassSpec specifies a virtual + network peering class. 
+ properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies + VnetPeeringProperties for peering from the + cluster's virtual network to the remote virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of + the remote virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group + name of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies + VnetPeeringProperties for peering from the + remote virtual network to the cluster's virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. 
+ type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + subscriptionID: + type: string + required: + - location + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: azureidentities.aadpodidentity.k8s.io +spec: + group: aadpodidentity.k8s.io + names: + kind: AzureIdentity + listKind: AzureIdentityList + plural: azureidentities + singular: azureidentity + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AzureIdentity is the specification of the identity data structure. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureIdentitySpec describes the credential specifications + of an identity on Azure. + properties: + adEndpoint: + type: string + adResourceID: + description: For service principal. Option param for specifying the AD + details. + type: string + auxiliaryTenantIDs: + description: Service principal auxiliary tenant ids + items: + type: string + nullable: true + type: array + clientID: + description: Both User Assigned MSI and SP can use this field. + type: string + clientPassword: + description: Used for service principal + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + metadata: + type: object + replicas: + format: int32 + nullable: true + type: integer + resourceID: + description: User assigned MSI resource id. + type: string + tenantID: + description: Service principal primary tenant id. + type: string + type: + description: UserAssignedMSI or Service Principal + type: integer + type: object + status: + description: AzureIdentityStatus contains the replica status of the resource. 
+ properties: + availableReplicas: + format: int32 + type: integer + metadata: + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: azureidentitybindings.aadpodidentity.k8s.io +spec: + group: aadpodidentity.k8s.io + names: + kind: AzureIdentityBinding + listKind: AzureIdentityBindingList + plural: azureidentitybindings + singular: azureidentitybinding + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AzureIdentityBinding brings together the spec of matching pods + and the identity which they can use. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureIdentityBindingSpec matches the pod with the Identity. + Used to indicate the potential matches to look for between the pod/deployment + and the identities present. 
+ properties: + azureIdentity: + type: string + metadata: + type: object + selector: + type: string + weight: + description: Weight is used to figure out which of the matching identities + would be selected. + type: integer + type: object + status: + description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding. + properties: + availableReplicas: + format: int32 + type: integer + metadata: + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePoolMachine + listKind: AzureMachinePoolMachineList + plural: azuremachinepoolmachines + shortNames: + - ampm + singular: azuremachinepoolmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Kubernetes version + jsonPath: .status.version + name: Version + type: string + - description: Flag indicating infrastructure is successfully provisioned + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS VM provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePoolMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + 
- description: Azure VMSS VM ID + jsonPath: .spec.providerID + name: VMSS VM ID + priority: 1 + type: string + - description: Time duration since creation of this AzureMachinePoolMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePoolMachine is the Schema for the azuremachinepoolmachines + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolMachineSpec defines the desired state of + AzureMachinePoolMachine. + properties: + instanceID: + description: InstanceID is the identification of the Machine Instance + within the VMSS + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + required: + - providerID + type: object + status: + description: AzureMachinePoolMachineStatus defines the observed state + of AzureMachinePoolMachine. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n Any transient errors that occur during the reconciliation of + MachinePools can be added as events to the MachinePool object and/or + logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool machine and will + contain a succinct value suitable for machine interpretation. 
\n + Any transient errors that occur during the reconciliation of MachinePools + can be added as events to the MachinePool object and/or logged in + the controller's output." + type: string + instanceName: + description: InstanceName is the name of the Machine Instance within + the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the image + version the VM is running. If the instance is not running the latest + model, it means the instance may not be running the version of Kubernetes + the Machine Pool has specified and needs to be updated. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine instance. + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the VM Instance + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + - description: Time 
duration since creation of this AzureMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + identity: + default: None + description: Identity is the type of identity used for the Virtual + Machine Scale Set. The type 'SystemAssigned' is an implicitly created + identity. The generated identity will be assigned a Subscription + contributor role. The type 'UserAssigned' is a standalone Azure + resource provided by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + location: + description: Location is the Azure region location e.g. 
westus2 + type: string + orchestrationMode: + default: Uniform + description: OrchestrationMode specifies the orchestration mode for + the Virtual Machine Scale Set + enum: + - Flexible + - Uniform + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + strategy: + default: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + description: The deployment strategy to use to replace existing AzureMachinePoolMachines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + default: Oldest + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default is Oldest + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + default: 1 + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. 
Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + default: 0 + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + default: RollingUpdate + description: Type of deployment. Currently the only supported + strategy is RollingUpdate + enum: + - RollingUpdate + type: string + type: object + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. 
Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set + in the networkInterfaces field.' + type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set + to DiskWithVMGuestState to encrypt the managed + disk along with the VMGuestState blob, and to + VMGuestStateOnly to encrypt the VMGuestState blob + only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be + set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for + a virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This is + useful for debugging software based launch issues. 
If not + specified then Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the + user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the + user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for + the Blob Primary Endpoint in the endpoints tab in + the Azure console or with the CLI by issuing `az + storage account list --query=''[].{name: name, "resource + group": resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + image: + description: Image is used to provide details of an image to use + during VM creation. If image details are omitted the image will + default the Azure Marketplace "capi" offer, which is based on + Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from + the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group + containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from + an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used to add + a `Plan` in the API request when creating the VM/VMSS + resource. This is needed when the source image from + which this SIG image was built requires the `Plan` to + be used. 
+ type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single + network interface with a single IPConfig in the subnet specified + in the cluster's node subnet field. The primary interface will + be the first networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based + on whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize + that does not support it, Azure will return an error. 
+ type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 + if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the + new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set to + DiskWithVMGuestState to encrypt the managed disk + along with the VMGuestState blob, and to VMGuestStateOnly + to encrypt the VMGuestState blob only. When set + to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be set + to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine or virtual + machine scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the + virtual machine. It has to be set to any specified value + to enable UefiSettings. The default behavior is: UefiSettings + will not be enabled unless this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot components + and halts the boot process if signature verification + fails. 
If omitted, the platform chooses a default, which + is subject to change over time, currently that default + is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it enables + the virtualized trusted platform module measurements + to create a known good boot integrity policy baseline. + The integrity policy baseline is used for comparison + with measurements from subsequent VM boots to determine + if anything has changed. This is required to be set + to Enabled if SecurityEncryptionType is defined. If + omitted, the platform chooses a default, which is subject + to change over time, currently that default is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmExtensions: + description: VMExtensions specifies a list of extensions to be + added to the scale set. + items: + description: VMExtension specifies the parameters for a custom + VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://learn.microsoft.com/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - vmSize + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachinePool. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + image: + description: Image is the current image used in the AzureMachinePool. + When the spec image is nil, this image is populated with the details + of the defaulted Azure Marketplace "capi" offer. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. 
+ Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' 
+ properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + infrastructureMachineKind: + description: InfrastructureMachineKind is the kind of the infrastructure + resources behind MachinePool Machines. + type: string + instances: + description: Instances is the VM instance status for each VM in the + VMSS + items: + description: AzureMachinePoolInstanceStatus provides status information + for each instance in the VMSS. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within the VMSS + type: string + instanceName: + description: InstanceName is the name of the Machine Instance + within the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the + image version the VM is running. If the instance is not running + the latest model, it means the instance may not be running + the version of Kubernetes the Machine Pool has specified and + needs to be updated. + type: boolean + providerID: + description: ProviderID is the provider identification of the + VMSS Instance + type: string + provisioningState: + description: ProvisioningState is the provisioning state of + the Azure virtual machine instance. + type: string + version: + description: Version defines the Kubernetes version for the + VM Instance + type: string + required: + - latestModelApplied + type: object + type: array + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. 
+ type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + version: + description: Version is the Kubernetes version for the current VMSS + model + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachine + listKind: AzureMachineList + plural: azuremachines + singular: azuremachine + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Azure VM provisioning state + jsonPath: .status.vmState + name: State + type: string + - description: Cluster to which this AzureMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Machine object to which this AzureMachine belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + priority: 1 + type: string + - description: Azure VM ID + jsonPath: .spec.providerID + name: VM ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.vmSize + name: VM Size + priority: 1 + type: string + - description: Time duration since creation of this AzureMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set in the + networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure UltraSSD + capability for the virtual machine. Defaults to true if Ultra + SSD data disks are specified, otherwise it doesn't set the capability + on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. + type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used to add + one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are used to + add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the data + disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the data + disk. 
This value is used to identify data disks within the + VM and therefore must be unique for each data disk attached + to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to + Enabled. It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to the + machine name to generate the disk name. Each disk name will + be in format _. 
+ type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for a + virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings for + the virtual machine. This allows to configure capturing serial + output from the virtual machine on boot. This is useful for + debugging software based launch issues. If not specified then + Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the user + (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the user-managed + storage account. The URI typically will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for the + Blob Primary Endpoint in the endpoints tab in the Azure + console or with the CLI by issuing `az storage account + list --query=''[].{name: name, "resource group": resourceGroup, + "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses to + the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure which + is required for some CNI's to send traffic from a pods on one machine + to another. 
This is required for IpV6 with Calico in combination + with User Defined Routes (set by the Azure Cloud Controller manager). + Default is false for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. This + relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the virtual + machine. The type 'SystemAssigned' is an implicitly created identity. + The generated identity will be assigned a Subscription contributor + role. The type 'UserAssigned' is a standalone Azure resource provided + by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image to use during + VM creation. If image details are omitted the image will default + the Azure Marketplace "capi" offer, which is based on Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. 
Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' + properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. 
+ type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single network + interface with a single IPConfig in the subnet specified in the + cluster's node subnet field. The primary interface will be the first + networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based on + whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize that + does not support it, Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 if + not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the new + network interface will be placed. 
+ type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating system + disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the OS + disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. 
It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to Enabled. + It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption should + be enabled or disabled for a virtual machine or virtual machine + scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the virtual + machine. It has to be set to any specified value to enable UefiSettings. + The default behavior is: UefiSettings will not be enabled unless + this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings like + secure boot and vTPM used while creating the virtual machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure boot + should be enabled on the virtual machine. 
Secure Boot verifies + the digital signature of all boot components and halts the + boot process if signature verification fails. If omitted, + the platform chooses a default, which is subject to change + over time, currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should be + enabled on the virtual machine. When true it enables the + virtualized trusted platform module measurements to create + a known good boot integrity policy baseline. The integrity + policy baseline is used for comparison with measurements + from subsequent VM boots to determine if anything has changed. + This is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachine. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. + properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to be added + to the virtual machine. + items: + description: VMExtension specifies the parameters for a custom VM + extension. 
+ properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings for + the extension. + type: object + version: + description: Version specifies the version of the script handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine. + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AzureMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." 
+ type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. 
+ type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + vmState: + description: VMState is the provisioning state of the Azure virtual + machine. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachineTemplate + listKind: AzureMachineTemplateList + plural: azuremachinetemplates + singular: azuremachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachineTemplate is the Schema for the azuremachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create an AzureMachine from a template. + properties: + metadata: + description: "ObjectMeta is metadata that all persisted resources + must have, which includes all objects users must create. This + is a copy of customizable fields from metav1.ObjectMeta. \n + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` + and `MachineSet.Template`, which are not top-level Kubernetes + objects. Given that metav1.ObjectMeta has lots of special cases + and read-only fields which end up in the generated CRD validation, + having it as a subset simplifies the API and some issues that + can impact user experience. \n During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) + for v1alpha2, we noticed a failure would occur running Cluster + API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp + in body must be of type string: \"null\"`. The investigation + showed that `controller-tools@v2` behaves differently than its + previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) + package. \n In more details, we found that embedded (non-top + level) types that embedded `metav1.ObjectMeta` had validation + properties, including for `creationTimestamp` (metav1.Time). + The `metav1.Time` type specifies a custom json marshaller that, + when IsZero() is true, returns `null` which breaks validation + because the field isn't marked as nullable. \n In future versions, + controller-tools@v2 might allow overriding the type and validation + for embedded types. When that happens, this hack should be revisited." 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be + set in the networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure + UltraSSD capability for the virtual machine. Defaults + to true if Ultra SSD data disks are specified, otherwise + it doesn't set the capability on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. 
+ type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are + used to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign + to the data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of + the data disk. This value is used to identify data + disks within the VM and therefore must be unique for + each data disk attached to a VM. The value must be + between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk + parameters for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the + customer-managed disk encryption set resource + id for the managed disk that is used for Customer + Managed Key encrypted ConfidentialVM OS Disk + and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. 
It + is set to DiskWithVMGuestState to encrypt + the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the + VMGuestState blob only. When set to VMGuestStateOnly, + VirtualizedTrustedPlatformModule should be + set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for + Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended + to the machine name to generate the disk name. Each + disk name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings + for a virtual machine. If not specified then Boot diagnostics + (Managed) will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This + is useful for debugging software based launch issues. + If not specified then Boot diagnostics (Managed) will + be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the + storage account for storing the diagnostics data + should be disabled (Disabled), provisioned by Azure + (Managed) or by the user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the + user-managed storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of + the user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone + endpoints. 
You can find the correct endpoint + by looking for the Blob Primary Endpoint in + the endpoints tab in the Azure console or with + the CLI by issuing `az storage account list + --query=''[].{name: name, "resource group": + resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses + to the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure + which is required for some CNI's to send traffic from a + pods on one machine to another. This is required for IpV6 + with Calico in combination with User Defined Routes (set + by the Azure Cloud Controller manager). Default is false + for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. This relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the + virtual machine. The type 'SystemAssigned' is an implicitly + created identity. The generated identity will be assigned + a Subscription contributor role. The type 'UserAssigned' + is a standalone Azure resource provided by the user and + assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image + to use during VM creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, + which is based on Ubuntu. 
+ properties: + computeGallery: + description: ComputeGallery specifies an image to use + from the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group + of related images created by the publisher. + For example, UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For + example, 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource + group containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from + the Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is + published by a third party publisher and a Plan + will be generated for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an + image available at deploy time. Even if you use + 'latest', the VM image will not automatically update + after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use + from an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource + group containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network + interface configurations. 
If left unspecified, the VM will + get a single network interface with a single IPConfig in + the subnet specified in the cluster's node subnet field. + The primary interface will be the first networkInterface + specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables + Azure accelerated networking. If omitted, it will + be set based on whether the requested VMSize supports + accelerated networking. If AcceleratedNetworking is + set to true with a VMSize that does not support it, + Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of + private IP addresses to attach to the interface. Defaults + to 1 if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which + the new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating + system disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk + settings for the os disk. + properties: + option: + description: Option enables ephemeral OS when set + to "Local" See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to + the OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. 
+ properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. It + is set to DiskWithVMGuestState to encrypt the + managed disk along with the VMGuestState blob, + and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set + in the systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile + settings for a virtual machine. 
+ properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine + or virtual machine scale set. This should be disabled + when SecurityEncryptionType is set to DiskWithVMGuestState. + Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType + of the virtual machine. It has to be set to any specified + value to enable UefiSettings. The default behavior is: + UefiSettings will not be enabled unless this property + is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot + components and halts the boot process if signature + verification fails. If omitted, the platform chooses + a default, which is subject to change over time, + currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it + enables the virtualized trusted platform module + measurements to create a known good boot integrity + policy baseline. The integrity policy baseline is + used for comparison with measurements from subsequent + VM boots to determine if anything has changed. This + is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently + that default is false. 
+ type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the + Machine should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the + virtual machine when it is evicted. It can be either + Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the + networkInterfaces field.' + type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and + scope to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition + to create for a system assigned identity. It can be + an Azure built-in role or a custom role. Refer to built-in + roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to + create for a system assigned identity. It can be any + valid UUID. If not specified, a random UUID will be + generated. + type: string + scope: + description: Scope is the scope that the role assignment + or definition applies to. The scope can be any REST + resource instance. If not specified, the scope will + be the subscription. 
+ type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone + Azure identities provided by the user The lifecycle of a + user-assigned identity is managed separately from the lifecycle + of the AzureMachine. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned + identities provided by the user to be assigned to Azure + resources. + properties: + providerID: + description: 'ProviderID is the identification ID of + the user-assigned Identity, the format of an identity + is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to + be added to the virtual machine. + items: + description: VMExtension specifies the parameters for a + custom VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension + handler publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. 
+ type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. 
Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedClusterTemplate + listKind: AzureManagedClusterTemplateList + plural: azuremanagedclustertemplates + shortNames: + - amct + singular: azuremanagedclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterTemplateSpec defines the desired state + of AzureManagedClusterTemplate. + properties: + template: + description: AzureManagedClusterTemplateResource describes the data + needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedClusterTemplateResourceSpec specifies + an Azure managed cluster template resource. + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration to + integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs that will + have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled or not. + type: boolean + name: + description: Name - The name of the managed cluster add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile for AKS + API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes + API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to create + the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates whether + to create additional public FQDN for private cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode for + private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied to + the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are 'true' + and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default is 'random'. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is 45. The + maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values + must be an integer followed by a unit ('s' for seconds, 'm' + for minutes, 'h' for hours, etc). 
+ type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. The + default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is the scan-interval. + Values must be an integer followed by an 's'. No unit of time + other than seconds (s) is supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time + other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated for + scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. 
The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - PublicCloud: + \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\" + \n Note that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings Secret to + configure ASO to refer to the non-Public cloud. ASO currently does + not support referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableLocalAccounts: + description: DisableLocalAccounts disables getting static credentials + for this cluster when set. Expected to only be used for AAD clusters. + type: boolean + dnsPrefix: + description: DNSPrefix allows the user to customize dns prefix. Immutable. + type: string + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. Immutable. + type: string + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration for the + cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint to use. 
+ type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint to + use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should not go + through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use for connecting + to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity ARM resource + ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned identity + for kubelet. For authentication with Azure Container Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster load + balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of allocated + SNAT ports per VM. Allowed values must be in the range of 0 + to 64000 (inclusive). The default value is 0 which results in + Azure dynamically allocating ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow idle + timeout in minutes. Allowed values must be in the range of 4 + to 120 (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound IPs + for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP Prefix resources + for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources for the + cluster load balancer. 
+ items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. For + the AzureManagedControlPlaneTemplate, this field is used only to + fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin should + use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + nodeResourceGroupName: + description: NodeResourceGroupName is the name of the resource group + containing cluster IaaS resources. Will be populated to default + in webhook. Immutable. + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. Immutable. + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. 
+ enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. Use empty string to autogenerate new key. Use + null value to not set key. Immutable. + type: string + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network for the + AKS cluster. It will be created if it does not already exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource group + for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual Network + private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private endpoint + IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies the + network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access to + approve connections to the remote resource. Defaults + to false. 
+ type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of the + group(s) obtained from the remote resource that + this private endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the private + link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies the + resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource with + the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - resourceGroupName + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: Initialized is true when the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + issuerURL: + description: IssuerURL is the OIDC issuer url of the Managed Cluster. + type: string + type: object + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the control + plane instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlaneTemplate + listKind: AzureManagedControlPlaneTemplateList + plural: azuremanagedcontrolplanetemplates + shortNames: + - amcpt + singular: azuremanagedcontrolplanetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneTemplateSpec defines the desired + state of AzureManagedControlPlaneTemplate. 
+ properties: + template: + description: AzureManagedControlPlaneTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedControlPlaneTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration + to integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs + that will have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster + add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring + the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled + or not. + type: boolean + name: + description: Name - The name of the managed cluster + add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile + for AKS API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges + to kubernetes API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to + create the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates + whether to create additional public FQDN for private + cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode + for private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied + to the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are + 'true' and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default + is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is + 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is + 45. The maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell + CA to ignore unscheduled pods before they're a certain + age. The default is '0s'. 
Values must be an integer + followed by a unit ('s' for seconds, 'm' for minutes, + 'h' for hours, etc). + type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. + The default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is + the scan-interval. Values must be an integer followed + by an 's'. No unit of time other than seconds (s) is + supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default + is '3m'. Values must be an integer followed by an 'm'. + No unit of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default + is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated + for scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is + false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is + true. 
+ enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - PublicCloud: \"AzurePublicCloud\" + - USGovernmentCloud: \"AzureUSGovernmentCloud\" \n Note + that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. + ASO currently does not support referring to multiple different + clouds in a single installation. The following fields must + be defined in the Secret: - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT + - AZURE_RESOURCE_MANAGER_AUDIENCE \n See the [ASO docs] + for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + disableLocalAccounts: + description: DisableLocalAccounts disables getting static + credentials for this cluster when set. Expected to only + be used for AAD clusters. + type: boolean + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the + Kubernetes DNS service. It must be within the Kubernetes + service address range specified in serviceCidr. Immutable. + type: string + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration + for the cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint + to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint + to use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should + not go through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use + for connecting to proxy servers. 
+ type: string + type: object + identity: + description: Identity configuration used by the AKS control + plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity + ARM resource ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned + identity for kubelet. For authentication with Azure Container + Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster + load balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of + allocated SNAT ports per VM. Allowed values must be + in the range of 0 to 64000 (inclusive). The default + value is 0 which results in Azure dynamically allocating + ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow + idle timeout in minutes. Allowed values must be in the + range of 4 to 120 (inclusive). The default value is + 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound + IPs for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP + Prefix resources for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources + for the cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer + to be provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical + Azure region names. Examples: "westus2", "eastus".' 
+ type: string + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. For the AzureManagedControlPlaneTemplate, this field + is used only to fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin + should use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile + of the Managed Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network + for the AKS cluster. It will be created if it does not already + exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource + group for the VNet and Subnet. 
+ type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet + for an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual + Network private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the + private endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. + type: string + location: + description: Location specifies the region to + create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the + IP addresses for the network interface associated + with the private endpoint. They have to be + part of the subnet where the private endpoint + is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint + should connect to. 
+ items: + type: string + type: array + name: + description: Name specifies the name of + the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .spec.mode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. Must + use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host encryption + is enabled on the node pool. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled on the node + pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes in the + pool each have a public IP address. Immutable. 
+ type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations for + nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe sysctls + or unsafe sysctl patterns (ending in `*`). Valid values match + `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or + `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number of container + log files that can be present for a container. The number must + be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size in MB of + a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement for + containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period value. + Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make the Kubelet + fail to start if swap is enabled on the node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk usage + after which image garbage collection is always run. Valid values + are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk usage before + which image garbage collection is never run. Valid values are + 0-100 (inclusive) and must be less than `imageGcHighThreshold`. 
+ maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes per + pod. Must not exceed kernel PID limit. -1 disables the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager policy to + use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. Default + to OS. Possible values include: 'OS', 'Temporary'. Requires Microsoft.ContainerService/KubeletDisk + preview feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a swap file + will be created on the agent nodes from this node pool. Max + value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). + Must be at least 1. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number of system-wide + asynchronous io requests. Valid values are 65536-6553500 + (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of file-handles + that the Linux kernel will allocate, by increasing increases + the maximum number of open files permitted. Valid values + are 8192-12000500 (inclusive). Maps to fs.file-max. 
+ maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the number + of file watches allowed by the system. Each watch is roughly + 90 bytes on a 32-bit kernel, and roughly 160 bytes on a + 64-bit kernel. Valid values are 781250-2097152 (inclusive). + Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number of file-handles + a process can allocate. Valid values are 8192-20000500 (inclusive). + Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum number + of all threads that can be created. Valid values are 20-513785 + (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum number + of packets, queued on the INPUT side, when the interface + receives packets faster than kernel can process them. Valid + values are 1000-3240000 (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum ancillary + buffer size (option memory buffer) allowed per socket. Socket + option memory is used in a few cases to store extra structures + relating to usage of the socket. Valid values are 20480-4194304 + (inclusive). Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). 
Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number of + connection requests that can be queued for any given listening + socket. An upper limit for the value of the backlog parameter + passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than the somaxconn, + then it's silently truncated to this limit. Valid values + are 4096-3240000 (inclusive). Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default send + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum send socket + buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP and UDP + traffic to choose the local port on the agent node. PortRange + should be specified in the format "first last". First, being + an integer, must be between [1024 - 60999]. Last, being + an integer, must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies the minimum + number of entries that may be in the ARP cache. Garbage + collection won't be triggered if the number of entries is + below this setting. Valid values are 128-80000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies soft maximum + number of entries that may be in the ARP cache. 
ARP garbage + collection will be triggered about 5 seconds after reaching + this soft maximum. Valid values are 512-90000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified hard maximum + number of entries in the ARP cache. Valid values are 1024-100000 + (inclusive). Maps to net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length of + time an orphaned connection will remain in the FIN_WAIT_2 + state before it's aborted at the local end. Valid values + are 5-120 (inclusive). Maps to net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the number + of keepalive probes TCP sends out, until it decides the + connection is broken. Valid values are 1-15 (inclusive). + Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the rate at + which TCP sends out a keepalive message when keepalive is + enabled. Valid values are 30-432000 (inclusive). Maps to + net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the maximum + number of queued connection requests that have still not + received an acknowledgment from the connecting client. If + this number is exceeded, the kernel will begin dropping + requests. Valid values are 128-3240000 (inclusive). Maps + to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal number + of timewait sockets held by system simultaneously. 
If this + number is exceeded, time-wait socket is immediately destroyed + and warning is printed. Valid values are 8000-1440000 (inclusive). + Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT + sockets for new connections when it's safe from protocol + viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the frequency + of the probes sent out. Multiplied by tcpKeepaliveprobes, + it makes up the time to kill a connection that isn't responding, + after probes started. Valid values are 1-75 (inclusive). + Maps to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies the + size of hash table used by nf_conntrack module to record + the established connection record of the TCP protocol. Valid + values are 65536-147456 (inclusive). Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies the maximum + number of connections supported by the nf_conntrack module + or the size of connection tracking table. Valid values are + 131072-1048576 (inclusive). Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number of + memory map areas a process may have. Maps to vm.max_map_count. + Valid values are 65530-262144 (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness of the + kernel in swapping memory pages. Higher values will increase + aggressiveness, lower values decrease the amount of swap. + Valid values are 0-100 (inclusive). Maps to vm.swappiness. 
+ maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage value + that controls tendency of the kernel to reclaim the memory, + which is used for caching of directory and inode objects. + Valid values are 1-500 (inclusive). Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether the + kernel should make aggressive use of memory compaction to make + more hugepages available. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various modes + of Transparent Hugepages. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. \n + [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of the nodes + present in node pool. See also [AKS doc]. 
\n [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP prefix resource + ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each node + in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). + Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating system. + Default to Linux. Possible values include: 'Linux', 'Windows'. 'Windows' + requires the AzureManagedControlPlane's `spec.networkPlugin` to + be `azure`. Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler behavior. + Default to Delete. Possible values include: ''Deallocate'', ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority value. + Default to Regular. Possible values include: ''Regular'', ''Spot'' + Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters for the + node pool. 
+ properties: + maxSize: + description: MaxSize is the maximum number of nodes for auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot instance. + Possible values are any decimal value greater than zero or -1. If + you set the max price to be -1, the VM won't be evicted based on + price. The price for the VM will be the current price for spot or + the price for a standard VM, which ever is less, as long as there's + capacity and quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present in this + agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. 
+ type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePoolTemplate + listKind: AzureManagedMachinePoolTemplateList + plural: azuremanagedmachinepooltemplates + shortNames: + - ammpt + singular: azuremanagedmachinepooltemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolTemplateSpec defines the desired state + of AzureManagedMachinePoolTemplate. + properties: + template: + description: AzureManagedMachinePoolTemplateResource describes the + data needed to create an AzureManagedCluster from a template. 
+ properties: + spec: + description: AzureManagedMachinePoolTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. + Must use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host + encryption is enabled on the node pool. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled + on the node pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes + in the pool each have a public IP address. Immutable. + type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations + for nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe + sysctls or unsafe sysctl patterns (ending in `*`). Valid + values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, + `fs.mqueue.*`, or `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number + of container log files that can be present for a container. + The number must be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size + in MB of a container log file before it is rotated. 
+ type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement + for containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period + value. Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to + use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make + the Kubelet fail to start if swap is enabled on the + node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk + usage after which image garbage collection is always + run. Valid values are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk + usage before which image garbage collection is never + run. Valid values are 0-100 (inclusive) and must be + less than `imageGcHighThreshold`. + maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes + per pod. Must not exceed kernel PID limit. -1 disables + the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager + policy to use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. + Default to OS. Possible values include: 'OS', 'Temporary'. + Requires Microsoft.ContainerService/KubeletDisk preview + feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. 
+ properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a + swap file will be created on the agent nodes from this + node pool. Max value of SwapFileSizeMB should be the + size of temporary disk(/dev/sdb). Must be at least 1. + See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent + nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number + of system-wide asynchronous io requests. Valid values + are 65536-6553500 (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of + file-handles that the Linux kernel will allocate, + by increasing increases the maximum number of open + files permitted. Valid values are 8192-12000500 + (inclusive). Maps to fs.file-max. + maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the + number of file watches allowed by the system. Each + watch is roughly 90 bytes on a 32-bit kernel, and + roughly 160 bytes on a 64-bit kernel. Valid values + are 781250-2097152 (inclusive). Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number + of file-handles a process can allocate. Valid values + are 8192-20000500 (inclusive). Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum + number of all threads that can be created. Valid + values are 20-513785 (inclusive). Maps to kernel.threads-max. 
+ maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum + number of packets, queued on the INPUT side, when + the interface receives packets faster than kernel + can process them. Valid values are 1000-3240000 + (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum + ancillary buffer size (option memory buffer) allowed + per socket. Socket option memory is used in a few + cases to store extra structures relating to usage + of the socket. Valid values are 20480-4194304 (inclusive). + Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number + of connection requests that can be queued for any + given listening socket. An upper limit for the value + of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than + the somaxconn, then it's silently truncated to this + limit. Valid values are 4096-3240000 (inclusive). + Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_default. 
+ maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP + and UDP traffic to choose the local port on the + agent node. PortRange should be specified in the + format "first last". First, being an integer, must + be between [1024 - 60999]. Last, being an integer, + must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies + the minimum number of entries that may be in the + ARP cache. Garbage collection won't be triggered + if the number of entries is below this setting. + Valid values are 128-80000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies + soft maximum number of entries that may be in the + ARP cache. ARP garbage collection will be triggered + about 5 seconds after reaching this soft maximum. + Valid values are 512-90000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified + hard maximum number of entries in the ARP cache. + Valid values are 1024-100000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length + of time an orphaned connection will remain in the + FIN_WAIT_2 state before it's aborted at the local + end. Valid values are 5-120 (inclusive). Maps to + net.ipv4.tcp_fin_timeout. 
+ maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the + number of keepalive probes TCP sends out, until + it decides the connection is broken. Valid values + are 1-15 (inclusive). Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the + rate at which TCP sends out a keepalive message + when keepalive is enabled. Valid values are 30-432000 + (inclusive). Maps to net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the + maximum number of queued connection requests that + have still not received an acknowledgment from the + connecting client. If this number is exceeded, the + kernel will begin dropping requests. Valid values + are 128-3240000 (inclusive). Maps to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal + number of timewait sockets held by system simultaneously. + If this number is exceeded, time-wait socket is + immediately destroyed and warning is printed. Valid + values are 8000-1440000 (inclusive). Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to + reuse TIME-WAIT sockets for new connections when + it's safe from protocol viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the + frequency of the probes sent out. Multiplied by + tcpKeepaliveprobes, it makes up the time to kill + a connection that isn't responding, after probes + started. Valid values are 1-75 (inclusive). Maps + to net.ipv4.tcp_keepalive_intvl. 
+ maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies + the size of hash table used by nf_conntrack module + to record the established connection record of the + TCP protocol. Valid values are 65536-147456 (inclusive). + Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies + the maximum number of connections supported by the + nf_conntrack module or the size of connection tracking + table. Valid values are 131072-1048576 (inclusive). + Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number + of memory map areas a process may have. Maps to + vm.max_map_count. Valid values are 65530-262144 + (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness + of the kernel in swapping memory pages. Higher values + will increase aggressiveness, lower values decrease + the amount of swap. Valid values are 0-100 (inclusive). + Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage + value that controls tendency of the kernel to reclaim + the memory, which is used for caching of directory + and inode objects. Valid values are 1-500 (inclusive). + Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether + the kernel should make aggressive use of memory compaction + to make more hugepages available. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." 
+ enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various + modes of Transparent Hugepages. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. + \n [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of + the nodes present in node pool. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP + prefix resource ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine + in this agent pool. If you specify 0, it will apply the + default osDisk size according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each + node in the pool. Allowed values are 'Ephemeral' and 'Managed' + (default). Immutable. See also [AKS doc]. 
\n [AKS doc]: + https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating + system. Default to Linux. Possible values include: 'Linux', + 'Windows'. 'Windows' requires the AzureManagedControlPlane's + `spec.networkPlugin` to be `azure`. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler + behavior. Default to Delete. Possible values include: ''Deallocate'', + ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority + value. Default to Regular. Possible values include: ''Regular'', + ''Spot'' Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters + for the node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for + auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for + auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. + Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot + instance. Possible values are any decimal value greater + than zero or -1. If you set the max price to be -1, the + VM won't be evicted based on price. The price for the VM + will be the current price for spot or the price for a standard + VM, which ever is less, as long as there's capacity and + quota available. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present + in this agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: azurepodidentityexceptions.aadpodidentity.k8s.io +spec: + group: aadpodidentity.k8s.io + names: + kind: AzurePodIdentityException + listKind: AzurePodIdentityExceptionList + plural: azurepodidentityexceptions + singular: azurepodidentityexception + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AzurePodIdentityException contains the pod selectors for all + pods that don't require NMI to process and request token on their behalf. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzurePodIdentityExceptionSpec matches pods with the selector + defined. If request originates from a pod that matches the selector, + nmi will proxy the request and send response back without any validation. + properties: + metadata: + type: object + podLabels: + additionalProperties: + type: string + type: object + type: object + status: + description: AzurePodIdentityExceptionStatus contains the status of an + AzurePodIdentityException. 
+ properties: + metadata: + type: object + status: + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. 
The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' 
+ type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. 
For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' 
+ type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' 
+ properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Basic + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' 
+ type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. 
The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' 
+ type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' 
+ type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
+ properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' 
+ properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. 
+ Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' 
+ properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + 
ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: 
PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. 
Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. 
+ Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. 
This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' 
+ type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' 
+ type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 
+ 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. 
For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' 
+ type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' 
+ type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. 
For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' 
+ type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' 
+ type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
+ type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' 
+ properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' 
+ type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. 
See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the 
form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: Storage version of v1api20230201.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' 
+ type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs + of the application security groups which agent pool will + associate when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. 
By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: 'DnsZoneResourceReference: Resource ID of the + DNS Zone to be associated with the web app. Used only when + Web App Routing is enabled.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). 
The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. 
The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. 
When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' 
+ items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' 
+ properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off, this field + will be exactly equal to it. If orchestratorVersion was , + this field will contain the full version + being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + type: string + osType: + description: 'OsType: The operating system type. 
The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. 
For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. 
+ Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. 
+ Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' 
+ type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: 'EffectiveNoProxy: A read-only list of all endpoints + for which traffic should not be sent to the proxy. This list + is a superset of noProxy and values injected by AKS.' + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' 
+ properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: 'DnsZoneResourceId: Resource ID of the DNS Zone + to be associated with the web app. Used only when Web App + Routing is enabled.' 
+ type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: 'Identity: Managed identity of the Web Application + Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure + DNS resource and get certificates from Azure Key Vault. + See [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) + for more instructions.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. 
May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' 
+ properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' 
+ items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' 
+ type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' 
+ type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' 
+ type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. 
May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. 
For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data used + when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. 
+ If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion was + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. 
It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. 
Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. 
A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). 
If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag Contains + the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20230202preview.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + 
vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: natgateways.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' 
+ type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.NatGateway Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: Storage version of v1api20220701.NatGatewaySku SKU of + nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20220701.NatGateway_STATUS Nat Gateway + resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. 
This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: resourcegroups.resources.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: resourcegroups + singular: resourcegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20200601.ResourceGroup Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: Storage version of v1api20200601.ResourceGroup_STATUS Resource + group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: azureserviceoperator-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + 
resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - apimanagement.azure.com + resources: + - apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: 
+ - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - 
cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - 
profilesendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - 
containergroups/finalizers + - containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + 
resources: + - trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - 
get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + - mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - 
mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: 
+ - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list 
+ - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + 
- get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: 
+ - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + 
- network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - 
network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + 
- network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - 
update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update 
+- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - 
serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + 
verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - 
storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: 
capz-aad-pod-id-nmi-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentitybindings + - azureidentities + - azurepodidentityexceptions + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentities + - azureidentities/status + verbs: + - get + - list + - watch +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentitybindings + - azureidentitybindings/status + verbs: + - get + - list + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/status + 
verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusteridentities + - azureclusteridentities/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + 
resources: + - azuremanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/status + verbs: + - get + - list + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: azureserviceoperator-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + 
kind: Role + name: capz-leader-election-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-proxy-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + k8s-app: capz-aad-pod-id-nmi-binding + name: capz-aad-pod-id-nmi-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-aad-pod-id-nmi-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-manager-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: aso-controller-settings + namespace: 
capz-system +stringData: + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} + AZURE_CLIENT_ID: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} + AZURE_SUBSCRIPTION_ID: "" + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} + AZURE_TENANT_ID: "" +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: capz-system +spec: + ports: + - name: metrics + port: 8080 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: azureserviceoperator-proxy-service + namespace: capz-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: azureserviceoperator-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-azure +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + 
kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-pattern= + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_ID + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_SECRET + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: AZURE_TENANT_ID + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: AZURE_SUBSCRIPTION_ID + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + 
valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: mcr.microsoft.com/k8s/azureserviceoperator:v2.4.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8080 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + aadpodidbinding: capz-controller-aadpodidentity-selector 
+ cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + name: capz-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: capz-controller-aadpodidentity-selector + azure.workload.identity/use: "true" + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false} + - --v=0 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/cluster-api-azure/cluster-api-azure-controller:v1.12.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/secrets/azure/tokens + name: azure-identity-token + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capz-manager + terminationGracePeriodSeconds: 10 + tolerations: 
+ - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capz-webhook-service-cert + - name: azure-identity-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity-token +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + component: nmi + k8s-app: aad-pod-id + tier: node + name: capz-nmi + namespace: capz-system +spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-azure + component: nmi + tier: node + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + component: nmi + tier: node + spec: + containers: + - args: + - --node=$(NODE_NAME) + - --operation-mode=managed + - --forceNamespaced + - --http-probe-port=8085 + env: + - name: FORCENAMESPACED + value: "true" + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LOG_LEVEL + value: DEBUG + image: mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8085 + initialDelaySeconds: 10 + periodSeconds: 5 + name: nmi + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - NET_ADMIN + - NET_RAW + drop: + - ALL + runAsUser: 0 + volumeMounts: + - mountPath: /run/xtables.lock + name: iptableslock + - mountPath: /etc/default + name: default-path + readOnly: true + - mountPath: /etc/default/kubelet + name: kubelet-config + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + 
serviceAccountName: capz-manager + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - hostPath: + path: /run/xtables.lock + type: FileOrCreate + name: iptableslock + - hostPath: + path: /etc/default + type: DirectoryOrCreate + name: default-path + - hostPath: + path: /etc/default/kubelet + type: FileOrCreate + name: kubelet-config + updateStrategy: + type: RollingUpdate +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: azureserviceoperator-serving-cert + namespace: capz-system +spec: + dnsNames: + - azureserviceoperator-webhook-service.capz-system.svc + - azureserviceoperator-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: azureserviceoperator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-serving-cert + namespace: capz-system +spec: + dnsNames: + - capz-webhook-service.capz-system.svc + - capz-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capz-selfsigned-issuer + secretName: capz-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: azureserviceoperator-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - 
apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - 
batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact 
+ name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - 
virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + 
resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults 
+ sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + 
operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + 
operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + 
apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: 
Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - 
insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - 
machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + 
name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - 
network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE 
+ resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service 
+ namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - 
v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None 
+- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + 
operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup 
+ failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases 
+ sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: 
capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - 
infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + 
apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + 
resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-disk + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - 
compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - 
diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + 
resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - 
containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - 
apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - 
CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - 
documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - 
dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - 
dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: 
+ - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE 
+ resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + 
operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - 
servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail 
+ matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - 
storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + 
- CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + 
rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - 
apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclusteridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclusteridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusteridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster + failurePolicy: Fail + name: validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedclustertemplate + failurePolicy: Fail + name: validation.azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - azuremanagedclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: validation.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine + failurePolicy: Fail + name: azuremachinepoolmachine.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepoolmachines + sideEffects: None diff --git a/files/cluster-api-provider-azure/v1.12.3/metadata.yaml b/files/cluster-api-provider-azure/v1.12.3/metadata.yaml new file mode 100644 index 00000000..e90cd471 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.3/metadata.yaml @@ -0,0 +1,55 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +releaseSeries: + - major: 0 + minor: 3 + contract: v1alpha2 + - major: 0 + minor: 4 + contract: v1alpha3 + - major: 0 + minor: 5 + contract: v1alpha4 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 11 + contract: v1beta1 + - major: 1 + minor: 12 + contract: v1beta1 diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-aad.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aad.yaml new file mode 100644 index 00000000..54c36b40 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aad.yaml 
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + oidc-client-id: ${AZURE_SERVER_APP_ID} + oidc-groups-claim: groups + oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/ + oidc-username-claim: oid + oidc-username-prefix: '-' + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: 
/dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: 
default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks-clusterclass.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks-clusterclass.yaml new file mode 100644 index 00000000..13b7e1e0 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks-clusterclass.yaml 
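Review bot: `allowedNamespaces: {}` on the AzureClusterIdentity at the end of this template does not restrict which namespaces may reference the identity; as I read the CAPZ API, an empty object lets AzureClusters in any namespace use this service principal. The same value is in the aks-clusterclass, aks, azure-bastion and azure-cni-v1 templates added in this commit. On a shared management cluster, narrow it when instantiating the template, e.g. `allowedNamespaces: {list: [default]}`. These files look like unmodified upstream release artifacts, so an overlay or a README caveat is probably a better place for this than an edit to the vendored copy.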
@@ -0,0 +1,125 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedClusterTemplate + name: ${CLUSTER_NAME} + workers: + machinePools: + - class: default-system + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool0 + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool1 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool1 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedClusterTemplate +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + template: + spec: {} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: 
infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: {} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: {} diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks-topology.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks-topology.yaml new file mode 100644 index 00000000..c78efb4b --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks-topology.yaml @@ -0,0 +1,21 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + version: ${KUBERNETES_VERSION} + workers: + machinePools: + - class: default-system + name: mp-0 + replicas: 1 + - class: default-worker + name: mp-1 + replicas: 1 diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks.yaml new file mode 100644 index 00000000..3f411230 --- /dev/null 
+++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-aks.yaml 
@@ -0,0 +1,116 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + services: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlane + name: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlane +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + resourceGroupName: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + 
metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool1 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-azure-bastion.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-azure-bastion.yaml new file mode 100644 index 00000000..31cbcea5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-azure-bastion.yaml 
@@ -0,0 +1,207 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: 
${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-azure-cni-v1.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-azure-cni-v1.yaml new file mode 100644 index 00000000..fab81472 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-azure-cni-v1.yaml 
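Review bot: `permissions: "0644"` on `/etc/kubernetes/azure.json` leaves the cloud-provider config world-readable on every node, and its content is pulled from a Secret (`${CLUSTER_NAME}-control-plane-azure-json` for the control plane, `${CLUSTER_NAME}-md-0-azure-json` for workers). With the `ServicePrincipal` identity these templates use, that JSON may include the client secret; the diff does not show its contents, so this needs confirming. Consider `permissions: "0600"` once you have checked that every consumer of the file runs as root. The aad, azure-cni-v1 and clusterclass templates in this commit carry the same setting.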
@@ -0,0 +1,214 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + networkInterfaces: + - privateIPConfigs: 110 + subnetName: control-plane-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + 
networkInterfaces: + - privateIPConfigs: 110 + subnetName: node-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-clusterclass.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-clusterclass.yaml new file mode 100644 index 00000000..d85a122f --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-clusterclass.yaml 
@@ -0,0 +1,239 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + machineInfrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterTemplate + name: ${CLUSTER_NAME}-azure-cluster + patches: + - definitions: + - jsonPatches: + - op: add + path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/cluster-name + valueFrom: + variable: builtin.cluster.name + - op: replace + path: /spec/template/spec/kubeadmConfigSpec/files + valueFrom: + template: | + - contentFrom: + secret: + key: control-plane-azure.json + name: "{{ .builtin.controlPlane.machineTemplate.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + matchResources: + controlPlane: true + name: controlPlaneAzureJsonSecretName + - definitions: + - jsonPatches: + - op: replace + path: /spec/template/spec/files + valueFrom: + template: | + - contentFrom: + secret: + key: worker-node-azure.json + name: "{{ .builtin.machineDeployment.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + matchResources: + machineDeploymentClass: + names: + - ${CLUSTER_NAME}-worker + name: workerAzureJsonSecretName + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: 
KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterTemplate +metadata: + name: ${CLUSTER_NAME}-azure-cluster + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + natGateway: + name: node-natgateway + role: node + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: 
/dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal 
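Review bot: `/etc/kubernetes/azure.json` is written with `permissions: "0644"` in all four places this template sets it (both ClusterClass patch templates, the KubeadmControlPlaneTemplate and the KubeadmConfigTemplate), so any non-root account or process on the node can read it. The content comes from the `*-azure-json` secret, and with `type: ServicePrincipal` it presumably carries the service principal's client secret; that should be confirmed against the provider version being vendored. If every consumer of the file runs as root, `permissions: "0600"` is the safer mode. The same setting appears in the dual-stack, edgezone, ephemeral and flatcar templates added further down in this commit.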
diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-dual-stack.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-dual-stack.yaml
new file mode 100644
index 00000000..070cd67a
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-dual-stack.yaml
@@ -0,0 +1,231 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: calico-dual-stack + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 10.244.0.0/16 + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - 10.0.0.0/16 + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + cloud-provider: external + cluster-cidr: 10.244.0.0/16,2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: 
+ - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: 
${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-edgezone.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-edgezone.yaml new file mode 100644 index 00000000..81e7a725 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-edgezone.yaml 
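Review bot: The AzureClusterIdentity in this template sets `allowedNamespaces: {}`, which, per the provider's API documentation as I understand it, lets AzureCluster objects in any namespace of the management cluster use this service principal. Every resource in the template lives in `namespace: default`, so the identity can be scoped to that namespace with `allowedNamespaces: {list: [default]}` or a label selector. On a shared management cluster the empty object means any tenant able to create an AzureCluster can act with these Azure credentials. The clusterclass, edgezone, ephemeral and flatcar templates in this commit carry the same setting.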
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + extendedLocation: + name: ${AZURE_EXTENDEDLOCATION_NAME} + type: ${AZURE_EXTENDEDLOCATION_TYPE} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + 
- contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-ephemeral.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-ephemeral.yaml new file mode 100644 index 00000000..105a0d9a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-ephemeral.yaml 
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: 
Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-flatcar.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-flatcar.yaml new file mode 100644 index 00000000..201774a2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-flatcar.yaml 
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + overwrite: false + partitions: [] + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + 
additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + # Workaround for https://github.com/kubernetes-sigs/cluster-api/issues/7679. + storage: + disks: + - device: /dev/disk/azure/scsi1/lun0 + partitions: + - number: 1 + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + mounts: + - - etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + 
spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. 
+ After=containerd.service + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-ipv6.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-ipv6.yaml new file mode 100644 index 00000000..884f77d5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-ipv6.yaml 
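Review bot: Both `preKubeadmCommands` entries in this template substitute `@@HOSTNAME@@` with the output of an unauthenticated metadata-service call and never check that the call succeeded. `curl -s` without `-f` and `jq -r` without `-e` return success on an HTTP error or a missing field, so `sed` can write an empty string or the literal `null` into `/etc/kubeadm.yml` as the node name. Using `curl -fsS` and `jq -er`, and resolving the name in a separate step that exits non-zero on an empty result before `sed` runs, would fail the bootstrap visibly. The value is also interpolated unescaped into the `sed` expression, so a name containing `/` or `&` would corrupt the replacement; this seems unlikely for a VM name but is worth a comment.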
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + bind-address: '::' + cloud-provider: external + cluster-cidr: 2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + scheduler: + extraArgs: + bind-address: '::' + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + 
extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: 
${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + controllerManager: + extraArgs: + bind-address: '::' + scheduler: + extraArgs: + bind-address: '::' + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: '[fd00::10]' + name: '{{ ds.meta_data["local_hostname"] }}' 
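Review bot: `allowedNamespaces: {}` on the AzureClusterIdentity in this template leaves the service-principal identity usable from more namespaces than the template needs. As I read the CAPZ API, an empty object (as opposed to an omitted field) allows AzureClusters in any namespace to reference the identity, and with it the client secret named under `clientSecret`; this should be confirmed against the provider version being vendored. Every resource in the template is created in `default`, so scoping the field with `allowedNamespaces:` / `list:` / `- default` should keep the template working while restoring least privilege. The same stanza appears in the machinepool-windows, machinepool, nvidia-gpu and private templates added later in this diff.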
diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-machinepool-windows.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-machinepool-windows.yaml new file mode 100644 index 00000000..0861baa2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-machinepool-windows.yaml 
@@ -0,0 +1,288 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + 
osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + annotations: + runtime: containerd + windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + location: ${AZURE_LOCATION} + template: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: 
Windows + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: + - powershell c:/create-external-network.ps1 + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-machinepool.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-machinepool.yaml new file mode 100644 index 00000000..b337dc5a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-machinepool.yaml 
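Review bot: The Windows KubeadmConfig writes `C:/defender-exclude-calico.ps1` containing `Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe` and runs it from `postKubeadmCommands`, with nothing recording why the exclusion is needed or what it depends on. A process exclusion is keyed on the path, so Defender stops scanning files opened by whatever binary sits there; it is only as safe as the ACL on `C:/opt/cni/bin`, which this diff does not show. I would add a comment above the `content:` entry, for example `# Excludes files opened by calico.exe from Defender scanning; C:/opt/cni/bin must be writable by Administrators only.`, and check that the node image sets that ACL.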
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + osDisk: + diskSizeGB: 30 + managedDisk: + 
storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-nvidia-gpu.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-nvidia-gpu.yaml new file mode 100644 index 00000000..4ced5e04 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-nvidia-gpu.yaml 
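Review bot: The `files` entries that materialise `/etc/kubernetes/azure.json` from the `${CLUSTER_NAME}-control-plane-azure-json` and `${CLUSTER_NAME}-mp-0-azure-json` Secrets use `permissions: "0644"`, which makes Secret-sourced content readable by every local account on the node. The Secret contents are not visible in this diff, but with `type: ServicePrincipal` on the identity the cloud-provider config plausibly carries the service principal's client secret. Unless a non-root consumer needs the file, `permissions: "0600"` is the safer mode. The same mode is used for azure.json in the ipv6, machinepool-windows, nvidia-gpu and private templates in this diff.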
@@ -0,0 +1,206 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + 
infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-private.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-private.yaml new file mode 100644 index 00000000..031b6c98 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-private.yaml 
@@ -0,0 +1,219 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + apiServerLB: + name: ${CLUSTER_NAME}-internal-lb + type: Internal + controlPlaneOutboundLB: + frontendIPsCount: 1 + nodeOutboundLB: + frontendIPsCount: 1 + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - 
device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - if [ -f /tmp/kubeadm-join-config.yaml ] || [ -f /run/kubeadm/kubeadm-join-config.yaml + ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io apiserver' >> /etc/hosts; + fi + preKubeadmCommands: + - if [ -f /tmp/kubeadm.yaml ] || [ -f /run/kubeadm/kubeadm.yaml ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io + apiserver' >> /etc/hosts; fi + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + 
clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-topology.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-topology.yaml new file mode 100644 index 00000000..28ad70f5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-topology.yaml 
@@ -0,0 +1,23 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + containerd-logger: enabled + csi-proxy: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template-windows.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template-windows.yaml new file mode 100644 index 00000000..f7104d26 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template-windows.yaml 
@@ -0,0 +1,293 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ cni-windows: calico
+ csi-proxy: enabled
+ windows: enabled
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-win
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-win
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-win
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ annotations:
+ runtime: containerd
+ name: ${CLUSTER_NAME}-md-win
+ namespace: default
+spec:
+ template:
+ metadata:
+ annotations:
+ runtime: containerd
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ managedDisk:
+ storageAccountType: Premium_LRS
+ osType: Windows
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-win
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-win-azure-json
+ owner: root:root
+ path: c:/k/azure.json
+ permissions: "0644"
+ - content: |-
+ Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe
+ Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe
+ path: C:/defender-exclude-calico.ps1
+ permissions: "0744"
+ joinConfiguration:
+ nodeRegistration:
+ criSocket: npipe:////./pipe/containerd-containerd
+ kubeletExtraArgs:
+ cloud-provider: external
+ v: "2"
+ windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ postKubeadmCommands:
+ - nssm set kubelet start SERVICE_AUTO_START
+ - powershell C:/defender-exclude-calico.ps1
+ preKubeadmCommands: []
+ users:
+ - groups: Administrators
+ name: capi
+ sshAuthorizedKeys:
+ - ${AZURE_SSH_PUBLIC_KEY:=""}
diff --git a/files/cluster-api-provider-azure/v1.13.1/cluster-template.yaml b/files/cluster-api-provider-azure/v1.13.1/cluster-template.yaml
new file mode 100644
index 00000000..185ecdb9
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.13.1/cluster-template.yaml
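Review bot: The AzureClusterIdentity document in this template sets `allowedNamespaces: {}`, and the CRD description added in infrastructure-components.yaml states that an empty object lets AzureClusters in any namespace use the identity, so the service-principal credential is not scoped to the `default` namespace the template deploys into. If these files are not mirrored verbatim from the upstream release, I would narrow the default to `allowedNamespaces:` with `list: [default]`; if they are, the consuming documentation should tell operators to set it before applying. The same setting is in cluster-template.yaml in this commit. Also worth confirming: the azure.json entries are written with `permissions: "0644"` from a Secret, and whether that file carries the client secret is not visible in this diff.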
@@ -0,0 +1,205 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.13.1/infrastructure-components.yaml b/files/cluster-api-provider-azure/v1.13.1/infrastructure-components.yaml
new file mode 100644
index 00000000..1ae05ede
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.13.1/infrastructure-components.yaml
@@ -0,0 +1,63166 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + pod-security.kubernetes.io/enforce: privileged + name: capz-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusteridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterIdentity + listKind: AzureClusterIdentityList + plural: azureclusteridentities + singular: azureclusteridentity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type of Azure Identity + jsonPath: .spec.type + name: Type + type: string + - description: Time duration since creation of this AzureClusterIdentity + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterIdentity is the Schema for the azureclustersidentities + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterIdentitySpec defines the parameters that are + used to create an AzureIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify the namespaces + the clusters are allowed to use the identity from. Namespaces can + be selected either using an array of namespaces or with label selector. + An empty allowedNamespaces object indicates that AzureClusters can + use this identity from any namespace. If this object is nil, no + namespaces will be allowed (default behaviour, if this field is + not provided) A namespace should be either in the NamespaceList + or match with Selector to use the identity. + nullable: true + properties: + list: + description: A nil or empty list indicates that AzureCluster cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: "Selector is a selector of namespaces that AzureCluster + can use this Identity from. This is a standard Kubernetes LabelSelector, + a label query over a set of resources. The result of matchLabels + and matchExpressions are ANDed. \n A nil or empty selector indicates + that AzureCluster cannot use this AzureClusterIdentity from + any namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: ClientID is the service principal client ID. Both User + Assigned MSI and SP can use this field. + type: string + clientSecret: + description: ClientSecret is a secret reference which should contain + either a Service Principal password or certificate secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + resourceID: + description: ResourceID is the Azure resource ID for the User Assigned + MSI resource. Only applicable when type is UserAssignedMSI. + type: string + tenantID: + description: TenantID is the service principal primary tenant id. + type: string + type: + description: Type is the type of Azure Identity used. ServicePrincipal, + ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal + or WorkloadIdentity. 
+ enum: + - ServicePrincipal + - UserAssignedMSI + - ManualServicePrincipal + - ServicePrincipalCertificate + - WorkloadIdentity + type: string + required: + - clientID + - tenantID + - type + type: object + status: + description: AzureClusterIdentityStatus defines the observed state of + AzureClusterIdentity. + properties: + conditions: + description: Conditions defines current service state of the AzureClusterIdentity. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureCluster + listKind: AzureClusterList + plural: azureclusters + singular: azurecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.resourceGroup + name: Resource Group + priority: 1 + type: string + - jsonPath: .spec.subscriptionID + name: SubscriptionID + priority: 1 + type: string + - jsonPath: .spec.location + name: Location + priority: 1 + type: string + - description: Control Plane Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Time duration since creation of this AzureCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: 
+ description: AzureCluster is the Schema for the azureclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud: + \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than the default + must also be accompanied by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. ASO currently + does not support referring to multiple different clouds in a single + installation. The following fields must be defined in the Secret: + - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. 
\n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to the Bastions + in the cluster. + properties: + azureBastion: + description: AzureBastion specifies how the Azure Bastion cloud + component should be configured. + properties: + enableTunneling: + default: false + description: EnableTunneling enables the native client support + feature for the Azure Bastion Host. Defaults to false. + type: boolean + name: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create an + Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated with + the object. + properties: + tag: + description: 'Tag specifies the value of the IP + tag associated with the public IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag type. Example: + FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + sku: + default: Basic + description: BastionHostSkuName configures the tier of the + Azure Bastion Host. Can be either Basic or Standard. Defaults + to Basic. + enum: + - Basic + - Standard + type: string + subnet: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. 
READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of + the IP tag associated with the public + IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag + type. Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the + private endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set + it true when the network admin does not have access + to approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP + addresses for the network interface associated + with the private endpoint. They have to be part + of the subnet where the private endpoint is linked. 
+ items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service + connection associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint should + connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. 
+ properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination IP range. + Asterix '*' can also be used to match all + source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. + type: string + destinationPorts: + description: DestinationPorts specifies the + destination port or range. Integer or range + between 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + direction: + description: Direction indicates whether the + rule applies to inbound, or outbound traffic. + "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before + higher numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to + match all source IPs. Default tags such as + 'VirtualNetwork', 'AzureLoadBalancer' and + 'Internet' can also be used. If this is an + ingress rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. 
+ Asterix '*' can also be used to match all + ports. + type: string + sources: + description: Sources specifies The CIDR or source + IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional set of configuration + values that can be overridden in azure cloud provider config. This + is only a subset of options that are available in azure cloud provider + config. Some values for the cloud provider config are inferred from + other parts of cluster api provider azure spec, and may not be available + for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized by creating + the secret beforehand. CloudProviderConfigOverrides is only used + when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config options. 
+ properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit configuration + for a particular kind of resource. Eg. loadBalancerRateLimit + is used to configure rate limits for load balancers. This + eventually gets converted to CloudProviderRateLimitConfig + that cloud-provider-azure expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly because + floating point values are not supported in controller-tools. + See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate limit config + options. 
+ properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. It is not recommended to set + this when creating an AzureCluster as CAPZ will set this for you. + However, if it is set, CAPZ will not change it. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains in the cluster''s + region, used to restrict eligibility to host the control plane. + A FailureDomain maps to an availability zone, which is a separated + group of datacenters within a region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity to be + used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the control-plane + load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration for the + control-plane outbound load balancer. This is different from + APIServerLB, and is used only in private clusters (optionally) + for enabling outbound traffic. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the node + outbound load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' 
+ type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name for the + Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access + to approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. 
+ items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of + the group(s) obtained from the remote resource + that this private endpoint should connect + to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". 
+ enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies the destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + direction: + description: Direction indicates whether the rule + applies to inbound, or outbound traffic. "Inbound" + or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before higher + numbers. Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol type. + "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to match + all source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. + type: string + sources: + description: Sources specifies The CIDR or source + IP ranges. 
+ items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's address + space, specified as one or more address prefixes in CIDR + notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the virtual network. + READ-ONLY + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + peerings: + description: Peerings defines a list of peerings of the newly + created virtual network with existing virtual networks. + items: + description: VnetPeeringSpec specifies an existing remote + virtual network to peer with the AzureCluster's virtual + network. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies VnetPeeringProperties + for peering from the cluster's virtual network to + the remote virtual network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of the remote + virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group name + of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies VnetPeeringProperties + for peering from the remote virtual network to the + cluster's virtual network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. 
+ type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + subscriptionID: + type: string + required: + - location + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster. + properties: + conditions: + description: Conditions defines current service state of the AzureCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains specifies the list of unique failure + domains for the location/region of the cluster. A FailureDomain + maps to Availability Zone with an Azure Region (if the region support + them). An Availability Zone is a separate data center within a region + and they can be used to ensure the cluster is more resilient to + failure. 
See: https://learn.microsoft.com/azure/reliability/availability-zones-overview + This list will be used by Cluster API to try and spread the machines + across the failure domains.' + type: object + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterTemplate + listKind: AzureClusterTemplateList + plural: azureclustertemplates + singular: azureclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterTemplate is the Schema for the azureclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. 
+ properties: + template: + description: AzureClusterTemplateResource describes the data needed + to create an AzureCluster from a template. + properties: + spec: + description: AzureClusterTemplateResourceSpec specifies an Azure + cluster template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\" + - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than + the default must also be accompanied by corresponding changes + to the aso-controller-settings Secret to configure ASO to + refer to the non-Public cloud. ASO currently does not support + referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to + the Bastions in the cluster. + properties: + azureBastion: + description: AzureBastionTemplateSpec specifies a template + for an Azure Bastion host. + properties: + subnet: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. 
+ items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to + this subnet. + items: + description: PrivateEndpointSpec configures + an Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration + is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName + specifies the network interface name associated + with the private endpoint. + type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if + the connection approval needs to be done + manually or not. Set it true when the + network admin does not have access to + approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of + the private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. + They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. 
+ properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID + specifies the resource ID of the + private link service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of + the remote resource with the private + endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. + Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this + rule. Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be + used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. 
Asterix + '*' can also be used to match all + ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules + are processed in priority order, with + lower numbers processed before higher + numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the + protocol type. "Tcp", "Udp", "Icmp", + or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' + can also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + sources: + description: Sources specifies The CIDR + or source IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the + subnets. + items: + description: ServiceEndpointSpec configures + an Azure Service Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional + set of configuration values that can be overridden in azure + cloud provider config. This is only a subset of options + that are available in azure cloud provider config. Some + values for the cloud provider config are inferred from other + parts of cluster api provider azure spec, and may not be + available for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized + by creating the secret beforehand. CloudProviderConfigOverrides + is only used when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config + options. + properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit + configuration for a particular kind of resource. Eg. + loadBalancerRateLimit is used to configure rate limits + for load balancers. 
This eventually gets converted + to CloudProviderRateLimitConfig that cloud-provider-azure + expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly + because floating point values are not supported in + controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate + limit config options. + properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit + spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains + in the cluster''s region, used to restrict eligibility to + host the control plane. A FailureDomain maps to an availability + zone, which is a separated group of datacenters within a + region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to + Azure network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the + control-plane load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration + for the control-plane outbound load balancer. This is + different from APIServerLB, and is used only in private + clusters (optionally) for enabling outbound traffic. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. 
+ format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the + node outbound load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name + for the Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. + items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to this + subnet. + items: + description: PrivateEndpointSpec configures an + Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration is + included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. They + have to be part of the subnet where the + private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. 
Node, + ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. + Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be used + to match all source IPs. Default tags + such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. Asterix + '*' can also be used to match all ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules are + processed in priority order, with lower + numbers processed before higher numbers. + Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". 
+ enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can + also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also be + used to match all ports. + type: string + sources: + description: Sources specifies The CIDR + or source IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an + Azure Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual + network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's + address space, specified as one or more address + prefixes in CIDR notation. + items: + type: string + type: array + peerings: + description: Peerings defines a list of peerings of + the newly created virtual network with existing + virtual networks. 
+ items: + description: VnetPeeringClassSpec specifies a virtual + network peering class. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies + VnetPeeringProperties for peering from the + cluster's virtual network to the remote virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of + the remote virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group + name of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies + VnetPeeringProperties for peering from the + remote virtual network to the cluster's virtual + network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. 
+ type: object + type: object + type: object + subscriptionID: + type: string + required: + - location + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePoolMachine + listKind: AzureMachinePoolMachineList + plural: azuremachinepoolmachines + shortNames: + - ampm + singular: azuremachinepoolmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Kubernetes version + jsonPath: .status.version + name: Version + type: string + - description: Flag indicating infrastructure is successfully provisioned + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS VM provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePoolMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Azure VMSS VM ID + jsonPath: .spec.providerID + name: VMSS VM ID + priority: 1 + type: string + - description: Time duration since creation of this AzureMachinePoolMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePoolMachine is 
the Schema for the azuremachinepoolmachines + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolMachineSpec defines the desired state of + AzureMachinePoolMachine. + properties: + instanceID: + description: InstanceID is the identification of the Machine Instance + within the VMSS + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + required: + - providerID + type: object + status: + description: AzureMachinePoolMachineStatus defines the observed state + of AzureMachinePoolMachine. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n Any transient errors that occur during the reconciliation of + MachinePools can be added as events to the MachinePool object and/or + logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool machine and will + contain a succinct value suitable for machine interpretation. \n + Any transient errors that occur during the reconciliation of MachinePools + can be added as events to the MachinePool object and/or logged in + the controller's output." 
+ type: string + instanceName: + description: InstanceName is the name of the Machine Instance within + the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the image + version the VM is running. If the instance is not running the latest + model, it means the instance may not be running the version of Kubernetes + the Machine Pool has specified and needs to be updated. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine instance. + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the VM Instance + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + - description: Time 
duration since creation of this AzureMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + identity: + default: None + description: Identity is the type of identity used for the Virtual + Machine Scale Set. The type 'SystemAssigned' is an implicitly created + identity. The generated identity will be assigned a Subscription + contributor role. The type 'UserAssigned' is a standalone Azure + resource provided by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + location: + description: Location is the Azure region location e.g. 
westus2 + type: string + orchestrationMode: + default: Uniform + description: OrchestrationMode specifies the orchestration mode for + the Virtual Machine Scale Set + enum: + - Flexible + - Uniform + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + strategy: + default: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + description: The deployment strategy to use to replace existing AzureMachinePoolMachines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + default: Oldest + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default is Oldest + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + default: 1 + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. 
Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + default: 0 + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + default: RollingUpdate + description: Type of deployment. Currently the only supported + strategy is RollingUpdate + enum: + - RollingUpdate + type: string + type: object + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. 
Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set + in the networkInterfaces field.' + type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set + to DiskWithVMGuestState to encrypt the managed + disk along with the VMGuestState blob, and to + VMGuestStateOnly to encrypt the VMGuestState blob + only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be + set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for + a virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This is + useful for debugging software based launch issues. 
If not + specified then Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the + user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the + user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for + the Blob Primary Endpoint in the endpoints tab in + the Azure console or with the CLI by issuing `az + storage account list --query=''[].{name: name, "resource + group": resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + image: + description: Image is used to provide details of an image to use + during VM creation. If image details are omitted the image will + default the Azure Marketplace "capi" offer, which is based on + Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from + the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group + containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from + an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used to add + a `Plan` in the API request when creating the VM/VMSS + resource. This is needed when the source image from + which this SIG image was built requires the `Plan` to + be used. 
+ type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single + network interface with a single IPConfig in the subnet specified + in the cluster's node subnet field. The primary interface will + be the first networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based + on whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize + that does not support it, Azure will return an error. 
+ type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 + if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the + new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set to + DiskWithVMGuestState to encrypt the managed disk + along with the VMGuestState blob, and to VMGuestStateOnly + to encrypt the VMGuestState blob only. When set + to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be set + to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine or virtual + machine scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the + virtual machine. It has to be set to any specified value + to enable UefiSettings. The default behavior is: UefiSettings + will not be enabled unless this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot components + and halts the boot process if signature verification + fails. 
If omitted, the platform chooses a default, which + is subject to change over time, currently that default + is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it enables + the virtualized trusted platform module measurements + to create a known good boot integrity policy baseline. + The integrity policy baseline is used for comparison + with measurements from subsequent VM boots to determine + if anything has changed. This is required to be set + to Enabled if SecurityEncryptionType is defined. If + omitted, the platform chooses a default, which is subject + to change over time, currently that default is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmExtensions: + description: VMExtensions specifies a list of extensions to be + added to the scale set. + items: + description: VMExtension specifies the parameters for a custom + VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://learn.microsoft.com/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - vmSize + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachinePool. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + image: + description: Image is the current image used in the AzureMachinePool. + When the spec image is nil, this image is populated with the details + of the defaulted Azure Marketplace "capi" offer. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. 
+ Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' 
+ properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + infrastructureMachineKind: + description: InfrastructureMachineKind is the kind of the infrastructure + resources behind MachinePool Machines. + type: string + instances: + description: Instances is the VM instance status for each VM in the + VMSS + items: + description: AzureMachinePoolInstanceStatus provides status information + for each instance in the VMSS. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within the VMSS + type: string + instanceName: + description: InstanceName is the name of the Machine Instance + within the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the + image version the VM is running. If the instance is not running + the latest model, it means the instance may not be running + the version of Kubernetes the Machine Pool has specified and + needs to be updated. + type: boolean + providerID: + description: ProviderID is the provider identification of the + VMSS Instance + type: string + provisioningState: + description: ProvisioningState is the provisioning state of + the Azure virtual machine instance. + type: string + version: + description: Version defines the Kubernetes version for the + VM Instance + type: string + required: + - latestModelApplied + type: object + type: array + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. 
+ type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + version: + description: Version is the Kubernetes version for the current VMSS + model + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachine + listKind: AzureMachineList + plural: azuremachines + singular: azuremachine + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Azure VM provisioning state + jsonPath: .status.vmState + name: State + type: string + - description: Cluster to which this AzureMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Machine object to which this AzureMachine belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + priority: 1 + type: string + - description: Azure VM ID + jsonPath: .spec.providerID + name: VM ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.vmSize + name: VM Size + priority: 1 + type: string + - description: Time duration since creation of this AzureMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set in the + networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure UltraSSD + capability for the virtual machine. Defaults to true if Ultra + SSD data disks are specified, otherwise it doesn't set the capability + on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. + type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used to add + one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are used to + add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the data + disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the data + disk. 
This value is used to identify data disks within the + VM and therefore must be unique for each data disk attached + to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to + Enabled. It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to the + machine name to generate the disk name. Each disk name will + be in format _. 
+ type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for a + virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings for + the virtual machine. This allows to configure capturing serial + output from the virtual machine on boot. This is useful for + debugging software based launch issues. If not specified then + Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the user + (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the user-managed + storage account. The URI typically will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for the + Blob Primary Endpoint in the endpoints tab in the Azure + console or with the CLI by issuing `az storage account + list --query=''[].{name: name, "resource group": resourceGroup, + "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses to + the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure which + is required for some CNI's to send traffic from a pods on one machine + to another. 
This is required for IpV6 with Calico in combination + with User Defined Routes (set by the Azure Cloud Controller manager). + Default is false for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. This + relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the virtual + machine. The type 'SystemAssigned' is an implicitly created identity. + The generated identity will be assigned a Subscription contributor + role. The type 'UserAssigned' is a standalone Azure resource provided + by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image to use during + VM creation. If image details are omitted the image will default + the Azure Marketplace "capi" offer, which is based on Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. 
Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' + properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. 
+ type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single network + interface with a single IPConfig in the subnet specified in the + cluster's node subnet field. The primary interface will be the first + networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based on + whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize that + does not support it, Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 if + not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the new + network interface will be placed. 
+ type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating system + disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the OS + disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. 
It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to Enabled. + It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption should + be enabled or disabled for a virtual machine or virtual machine + scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the virtual + machine. It has to be set to any specified value to enable UefiSettings. + The default behavior is: UefiSettings will not be enabled unless + this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings like + secure boot and vTPM used while creating the virtual machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure boot + should be enabled on the virtual machine. 
Secure Boot verifies + the digital signature of all boot components and halts the + boot process if signature verification fails. If omitted, + the platform chooses a default, which is subject to change + over time, currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should be + enabled on the virtual machine. When true it enables the + virtualized trusted platform module measurements to create + a known good boot integrity policy baseline. The integrity + policy baseline is used for comparison with measurements + from subsequent VM boots to determine if anything has changed. + This is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachine. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. + properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to be added + to the virtual machine. + items: + description: VMExtension specifies the parameters for a custom VM + extension. 
+ properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings for + the extension. + type: object + version: + description: Version specifies the version of the script handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine. + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AzureMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." 
+ type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. 
+ type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + vmState: + description: VMState is the provisioning state of the Azure virtual + machine. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachineTemplate + listKind: AzureMachineTemplateList + plural: azuremachinetemplates + singular: azuremachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachineTemplate is the Schema for the azuremachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create an AzureMachine from a template. + properties: + metadata: + description: "ObjectMeta is metadata that all persisted resources + must have, which includes all objects users must create. This + is a copy of customizable fields from metav1.ObjectMeta. \n + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` + and `MachineSet.Template`, which are not top-level Kubernetes + objects. Given that metav1.ObjectMeta has lots of special cases + and read-only fields which end up in the generated CRD validation, + having it as a subset simplifies the API and some issues that + can impact user experience. \n During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) + for v1alpha2, we noticed a failure would occur running Cluster + API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp + in body must be of type string: \"null\"`. The investigation + showed that `controller-tools@v2` behaves differently than its + previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) + package. \n In more details, we found that embedded (non-top + level) types that embedded `metav1.ObjectMeta` had validation + properties, including for `creationTimestamp` (metav1.Time). + The `metav1.Time` type specifies a custom json marshaller that, + when IsZero() is true, returns `null` which breaks validation + because the field isn't marked as nullable. \n In future versions, + controller-tools@v2 might allow overriding the type and validation + for embedded types. When that happens, this hack should be revisited." 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be + set in the networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure + UltraSSD capability for the virtual machine. Defaults + to true if Ultra SSD data disks are specified, otherwise + it doesn't set the capability on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. 
+ type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are + used to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign + to the data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of + the data disk. This value is used to identify data + disks within the VM and therefore must be unique for + each data disk attached to a VM. The value must be + between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk + parameters for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the + customer-managed disk encryption set resource + id for the managed disk that is used for Customer + Managed Key encrypted ConfidentialVM OS Disk + and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. 
It + is set to DiskWithVMGuestState to encrypt + the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the + VMGuestState blob only. When set to VMGuestStateOnly, + VirtualizedTrustedPlatformModule should be + set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for + Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended + to the machine name to generate the disk name. Each + disk name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings + for a virtual machine. If not specified then Boot diagnostics + (Managed) will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This + is useful for debugging software based launch issues. + If not specified then Boot diagnostics (Managed) will + be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the + storage account for storing the diagnostics data + should be disabled (Disabled), provisioned by Azure + (Managed) or by the user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the + user-managed storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of + the user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone + endpoints. 
You can find the correct endpoint + by looking for the Blob Primary Endpoint in + the endpoints tab in the Azure console or with + the CLI by issuing `az storage account list + --query=''[].{name: name, "resource group": + resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses + to the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure + which is required for some CNI's to send traffic from a + pods on one machine to another. This is required for IpV6 + with Calico in combination with User Defined Routes (set + by the Azure Cloud Controller manager). Default is false + for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. This relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the + virtual machine. The type 'SystemAssigned' is an implicitly + created identity. The generated identity will be assigned + a Subscription contributor role. The type 'UserAssigned' + is a standalone Azure resource provided by the user and + assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image + to use during VM creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, + which is based on Ubuntu. 
+ properties: + computeGallery: + description: ComputeGallery specifies an image to use + from the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group + of related images created by the publisher. + For example, UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For + example, 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource + group containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from + the Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is + published by a third party publisher and a Plan + will be generated for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an + image available at deploy time. Even if you use + 'latest', the VM image will not automatically update + after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use + from an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource + group containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network + interface configurations. 
If left unspecified, the VM will + get a single network interface with a single IPConfig in + the subnet specified in the cluster's node subnet field. + The primary interface will be the first networkInterface + specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables + Azure accelerated networking. If omitted, it will + be set based on whether the requested VMSize supports + accelerated networking. If AcceleratedNetworking is + set to true with a VMSize that does not support it, + Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of + private IP addresses to attach to the interface. Defaults + to 1 if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which + the new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating + system disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk + settings for the os disk. + properties: + option: + description: Option enables ephemeral OS when set + to "Local" See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to + the OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. 
+ properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. It + is set to DiskWithVMGuestState to encrypt the + managed disk along with the VMGuestState blob, + and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set + in the systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile + settings for a virtual machine. 
+ properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine + or virtual machine scale set. This should be disabled + when SecurityEncryptionType is set to DiskWithVMGuestState. + Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType + of the virtual machine. It has to be set to any specified + value to enable UefiSettings. The default behavior is: + UefiSettings will not be enabled unless this property + is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot + components and halts the boot process if signature + verification fails. If omitted, the platform chooses + a default, which is subject to change over time, + currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it + enables the virtualized trusted platform module + measurements to create a known good boot integrity + policy baseline. The integrity policy baseline is + used for comparison with measurements from subsequent + VM boots to determine if anything has changed. This + is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently + that default is false. 
+ type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the + Machine should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the + virtual machine when it is evicted. It can be either + Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the + networkInterfaces field.' + type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and + scope to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition + to create for a system assigned identity. It can be + an Azure built-in role or a custom role. Refer to built-in + roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to + create for a system assigned identity. It can be any + valid UUID. If not specified, a random UUID will be + generated. + type: string + scope: + description: Scope is the scope that the role assignment + or definition applies to. The scope can be any REST + resource instance. If not specified, the scope will + be the subscription. 
+ type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone + Azure identities provided by the user The lifecycle of a + user-assigned identity is managed separately from the lifecycle + of the AzureMachine. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned + identities provided by the user to be assigned to Azure + resources. + properties: + providerID: + description: 'ProviderID is the identification ID of + the user-assigned Identity, the format of an identity + is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to + be added to the virtual machine. + items: + description: VMExtension specifies the parameters for a + custom VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension + handler publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. 
+ type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. 
+ properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedClusterTemplate + listKind: AzureManagedClusterTemplateList + plural: azuremanagedclustertemplates + shortNames: + - amct + singular: azuremanagedclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterTemplateSpec defines the desired state + of AzureManagedClusterTemplate. + properties: + template: + description: AzureManagedClusterTemplateResource describes the data + needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedClusterTemplateResourceSpec specifies + an Azure managed cluster template resource. + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration to + integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs that will + have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled or not. + type: boolean + name: + description: Name - The name of the managed cluster add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile for AKS + API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes + API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to create + the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates whether + to create additional public FQDN for private cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode for + private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied to + the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are 'true' + and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default is 'random'. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is 45. The + maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values + must be an integer followed by a unit ('s' for seconds, 'm' + for minutes, 'h' for hours, etc). 
+ type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. The + default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is the scan-interval. + Values must be an integer followed by an 's'. No unit of time + other than seconds (s) is supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time + other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated for + scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. 
The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - PublicCloud: + \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\" + \n Note that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings Secret to + configure ASO to refer to the non-Public cloud. ASO currently does + not support referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableLocalAccounts: + description: DisableLocalAccounts disables getting static credentials + for this cluster when set. Expected to only be used for AAD clusters. + type: boolean + dnsPrefix: + description: DNSPrefix allows the user to customize dns prefix. Immutable. + type: string + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. Immutable. + type: string + fleetsMember: + description: "FleetsMember is the spec for the fleet this cluster + is a member of. See also [AKS doc]. 
\n [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members" + properties: + group: + description: Group is the group this member belongs to for multi-cluster + update management. + type: string + managerName: + description: ManagerName is the name of the fleet manager. + type: string + managerResourceGroup: + description: ManagerResourceGroup is the resource group of the + fleet manager. + type: string + name: + description: Name is the name of the member. + type: string + required: + - managerName + - managerResourceGroup + type: object + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration for the + cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint to + use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should not go + through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use for connecting + to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity ARM resource + ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned identity + for kubelet. For authentication with Azure Container Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster load + balancer. 
+ properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of allocated + SNAT ports per VM. Allowed values must be in the range of 0 + to 64000 (inclusive). The default value is 0 which results in + Azure dynamically allocating ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow idle + timeout in minutes. Allowed values must be in the range of 4 + to 120 (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound IPs + for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP Prefix resources + for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources for the + cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. For + the AzureManagedControlPlaneTemplate, this field is used only to + fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin should + use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. 
+ enum: + - azure + - calico + type: string + nodeResourceGroupName: + description: NodeResourceGroupName is the name of the resource group + containing cluster IaaS resources. Will be populated to default + in webhook. Immutable. + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. Immutable. + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. Use empty string to autogenerate new key. Use + null value to not set key. Immutable. + type: string + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network for the + AKS cluster. It will be created if it does not already exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource group + for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. 
+ properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual Network + private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private endpoint + IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies the + network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access to + approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of the + group(s) obtained from the remote resource that + this private endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the private + link service. 
+ type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies the + resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource with + the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - resourceGroupName + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: Initialized is true when the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. 
+ type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + issuerURL: + description: IssuerURL is the OIDC issuer url of the Managed Cluster. + type: string + type: object + ready: + description: Ready is true when the provider resource is ready. + type: boolean + version: + description: Version defines the Kubernetes version for the control + plane instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlaneTemplate + listKind: AzureManagedControlPlaneTemplateList + plural: azuremanagedcontrolplanetemplates + shortNames: + - amcpt + singular: azuremanagedcontrolplanetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneTemplateSpec defines the desired + state of AzureManagedControlPlaneTemplate. + properties: + template: + description: AzureManagedControlPlaneTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedControlPlaneTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration + to integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs + that will have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster + add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring + the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled + or not. + type: boolean + name: + description: Name - The name of the managed cluster + add-on. 
+ type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile + for AKS API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges + to kubernetes API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to + create the cluster as a private cluster or not. + type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates + whether to create additional public FQDN for private + cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode + for private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied + to the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are + 'true' and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default + is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is + 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. 
+ pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is + 45. The maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell + CA to ignore unscheduled pods before they're a certain + age. The default is '0s'. Values must be an integer + followed by a unit ('s' for seconds, 'm' for minutes, + 'h' for hours, etc). + type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. + The default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is + the scan-interval. Values must be an integer followed + by an 's'. No unit of time other than seconds (s) is + supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default + is '3m'. Values must be an integer followed by an 'm'. + No unit of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. 
+ pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default + is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated + for scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is + false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is + true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - PublicCloud: \"AzurePublicCloud\" + - USGovernmentCloud: \"AzureUSGovernmentCloud\" \n Note + that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. + ASO currently does not support referring to multiple different + clouds in a single installation. The following fields must + be defined in the Secret: - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT + - AZURE_RESOURCE_MANAGER_AUDIENCE \n See the [ASO docs] + for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + disableLocalAccounts: + description: DisableLocalAccounts disables getting static + credentials for this cluster when set. Expected to only + be used for AAD clusters. + type: boolean + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the + Kubernetes DNS service. It must be within the Kubernetes + service address range specified in serviceCidr. Immutable. 
+ type: string + fleetsMember: + description: "FleetsMember is the spec for the fleet this + cluster is a member of. See also [AKS doc]. \n [AKS doc]: + https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members" + properties: + group: + description: Group is the group this member belongs to + for multi-cluster update management. + type: string + managerName: + description: ManagerName is the name of the fleet manager. + type: string + managerResourceGroup: + description: ManagerResourceGroup is the resource group + of the fleet manager. + type: string + required: + - managerName + - managerResourceGroup + type: object + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration + for the cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint + to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint + to use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should + not go through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use + for connecting to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control + plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity + ARM resource ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned + identity for kubelet. For authentication with Azure Container + Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster + load balancer. 
+ properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of + allocated SNAT ports per VM. Allowed values must be + in the range of 0 to 64000 (inclusive). The default + value is 0 which results in Azure dynamically allocating + ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow + idle timeout in minutes. Allowed values must be in the + range of 4 to 120 (inclusive). The default value is + 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound + IPs for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP + Prefix resources for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources + for the cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer + to be provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical + Azure region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. For the AzureManagedControlPlaneTemplate, this field + is used only to fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin + should use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. 
+ enum: + - azure + - calico + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile + of the Managed Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network + for the AKS cluster. It will be created if it does not already + exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource + group for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet + for an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual + Network private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the + private endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region to + create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the + IP addresses for the network interface associated + with the private endpoint. They have to be + part of the subnet where the private endpoint + is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint + should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of + the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. 
+ items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.mode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. Must + use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host encryption + is enabled on the node pool. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled on the node + pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes in the + pool each have a public IP address. Immutable. + type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations for + nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe sysctls + or unsafe sysctl patterns (ending in `*`). Valid values match + `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or + `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number of container + log files that can be present for a container. The number must + be ≥ 2. 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size in MB of + a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement for + containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period value. + Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make the Kubelet + fail to start if swap is enabled on the node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk usage + after which image garbage collection is always run. Valid values + are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk usage before + which image garbage collection is never run. Valid values are + 0-100 (inclusive) and must be less than `imageGcHighThreshold`. + maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes per + pod. Must not exceed kernel PID limit. -1 disables the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager policy to + use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. Default + to OS. Possible values include: 'OS', 'Temporary'. Requires Microsoft.ContainerService/KubeletDisk + preview feature to be set. Immutable. See also [AKS doc]. 
\n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a swap file + will be created on the agent nodes from this node pool. Max + value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). + Must be at least 1. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number of system-wide + asynchronous io requests. Valid values are 65536-6553500 + (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of file-handles + that the Linux kernel will allocate, by increasing increases + the maximum number of open files permitted. Valid values + are 8192-12000500 (inclusive). Maps to fs.file-max. + maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the number + of file watches allowed by the system. Each watch is roughly + 90 bytes on a 32-bit kernel, and roughly 160 bytes on a + 64-bit kernel. Valid values are 781250-2097152 (inclusive). + Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number of file-handles + a process can allocate. Valid values are 8192-20000500 (inclusive). + Maps to fs.nr_open. 
+ maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum number + of all threads that can be created. Valid values are 20-513785 + (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum number + of packets, queued on the INPUT side, when the interface + receives packets faster than kernel can process them. Valid + values are 1000-3240000 (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum ancillary + buffer size (option memory buffer) allowed per socket. Socket + option memory is used in a few cases to store extra structures + relating to usage of the socket. Valid values are 20480-4194304 + (inclusive). Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number of + connection requests that can be queued for any given listening + socket. An upper limit for the value of the backlog parameter + passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than the somaxconn, + then it's silently truncated to this limit. Valid values + are 4096-3240000 (inclusive). Maps to net.core.somaxconn. 
+ maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default send + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum send socket + buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP and UDP + traffic to choose the local port on the agent node. PortRange + should be specified in the format "first last". First, being + an integer, must be between [1024 - 60999]. Last, being + an integer, must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies the minimum + number of entries that may be in the ARP cache. Garbage + collection won't be triggered if the number of entries is + below this setting. Valid values are 128-80000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies soft maximum + number of entries that may be in the ARP cache. ARP garbage + collection will be triggered about 5 seconds after reaching + this soft maximum. Valid values are 512-90000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified hard maximum + number of entries in the ARP cache. Valid values are 1024-100000 + (inclusive). Maps to net.ipv4.neigh.default.gc_thresh3. 
+ maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length of + time an orphaned connection will remain in the FIN_WAIT_2 + state before it's aborted at the local end. Valid values + are 5-120 (inclusive). Maps to net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the number + of keepalive probes TCP sends out, until it decides the + connection is broken. Valid values are 1-15 (inclusive). + Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the rate at + which TCP sends out a keepalive message when keepalive is + enabled. Valid values are 30-432000 (inclusive). Maps to + net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the maximum + number of queued connection requests that have still not + received an acknowledgment from the connecting client. If + this number is exceeded, the kernel will begin dropping + requests. Valid values are 128-3240000 (inclusive). Maps + to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal number + of timewait sockets held by system simultaneously. If this + number is exceeded, time-wait socket is immediately destroyed + and warning is printed. Valid values are 8000-1440000 (inclusive). + Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT + sockets for new connections when it's safe from protocol + viewpoint. Maps to net.ipv4.tcp_tw_reuse. 
+ type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the frequency + of the probes sent out. Multiplied by tcpKeepaliveprobes, + it makes up the time to kill a connection that isn't responding, + after probes started. Valid values are 1-75 (inclusive). + Maps to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies the + size of hash table used by nf_conntrack module to record + the established connection record of the TCP protocol. Valid + values are 65536-147456 (inclusive). Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies the maximum + number of connections supported by the nf_conntrack module + or the size of connection tracking table. Valid values are + 131072-1048576 (inclusive). Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number of + memory map areas a process may have. Maps to vm.max_map_count. + Valid values are 65530-262144 (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness of the + kernel in swapping memory pages. Higher values will increase + aggressiveness, lower values decrease the amount of swap. + Valid values are 0-100 (inclusive). Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage value + that controls tendency of the kernel to reclaim the memory, + which is used for caching of directory and inode objects. + Valid values are 1-500 (inclusive). Maps to vm.vfs_cache_pressure. 
+ maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether the + kernel should make aggressive use of memory compaction to make + more hugepages available. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various modes + of Transparent Hugepages. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. \n + [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of the nodes + present in node pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP prefix resource + ID which VM nodes should use IPs from. Immutable. 
+ type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each node + in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). + Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating system. + Default to Linux. Possible values include: 'Linux', 'Windows'. 'Windows' + requires the AzureManagedControlPlane's `spec.networkPlugin` to + be `azure`. Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler behavior. + Default to Delete. Possible values include: ''Deallocate'', ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority value. + Default to Regular. Possible values include: ''Regular'', ''Spot'' + Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters for the + node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. Immutable. 
+ type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot instance. + Possible values are any decimal value greater than zero or -1. If + you set the max price to be -1, the VM won't be evicted based on + price. The price for the VM will be the current price for spot or + the price for a standard VM, which ever is less, as long as there's + capacity and quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present in this + agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. 
+ properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePoolTemplate + listKind: AzureManagedMachinePoolTemplateList + plural: azuremanagedmachinepooltemplates + shortNames: + - ammpt + singular: azuremanagedmachinepooltemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolTemplateSpec defines the desired state + of AzureManagedMachinePoolTemplate. + properties: + template: + description: AzureManagedMachinePoolTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedMachinePoolTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. + Must use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host + encryption is enabled on the node pool. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled + on the node pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes + in the pool each have a public IP address. Immutable. 
+ type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations + for nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe + sysctls or unsafe sysctl patterns (ending in `*`). Valid + values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, + `fs.mqueue.*`, or `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number + of container log files that can be present for a container. + The number must be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size + in MB of a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement + for containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period + value. Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to + use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make + the Kubelet fail to start if swap is enabled on the + node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk + usage after which image garbage collection is always + run. Valid values are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk + usage before which image garbage collection is never + run. Valid values are 0-100 (inclusive) and must be + less than `imageGcHighThreshold`. 
+ maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes + per pod. Must not exceed kernel PID limit. -1 disables + the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager + policy to use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. + Default to OS. Possible values include: 'OS', 'Temporary'. + Requires Microsoft.ContainerService/KubeletDisk preview + feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a + swap file will be created on the agent nodes from this + node pool. Max value of SwapFileSizeMB should be the + size of temporary disk(/dev/sdb). Must be at least 1. + See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent + nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number + of system-wide asynchronous io requests. Valid values + are 65536-6553500 (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of + file-handles that the Linux kernel will allocate, + by increasing increases the maximum number of open + files permitted. Valid values are 8192-12000500 + (inclusive). Maps to fs.file-max. 
+ maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the + number of file watches allowed by the system. Each + watch is roughly 90 bytes on a 32-bit kernel, and + roughly 160 bytes on a 64-bit kernel. Valid values + are 781250-2097152 (inclusive). Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number + of file-handles a process can allocate. Valid values + are 8192-20000500 (inclusive). Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum + number of all threads that can be created. Valid + values are 20-513785 (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum + number of packets, queued on the INPUT side, when + the interface receives packets faster than kernel + can process them. Valid values are 1000-3240000 + (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum + ancillary buffer size (option memory buffer) allowed + per socket. Socket option memory is used in a few + cases to store extra structures relating to usage + of the socket. Valid values are 20480-4194304 (inclusive). + Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum + receive socket buffer size in bytes. 
Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number + of connection requests that can be queued for any + given listening socket. An upper limit for the value + of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than + the somaxconn, then it's silently truncated to this + limit. Valid values are 4096-3240000 (inclusive). + Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP + and UDP traffic to choose the local port on the + agent node. PortRange should be specified in the + format "first last". First, being an integer, must + be between [1024 - 60999]. Last, being an integer, + must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies + the minimum number of entries that may be in the + ARP cache. Garbage collection won't be triggered + if the number of entries is below this setting. + Valid values are 128-80000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh1. 
+ maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies + soft maximum number of entries that may be in the + ARP cache. ARP garbage collection will be triggered + about 5 seconds after reaching this soft maximum. + Valid values are 512-90000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified + hard maximum number of entries in the ARP cache. + Valid values are 1024-100000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length + of time an orphaned connection will remain in the + FIN_WAIT_2 state before it's aborted at the local + end. Valid values are 5-120 (inclusive). Maps to + net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the + number of keepalive probes TCP sends out, until + it decides the connection is broken. Valid values + are 1-15 (inclusive). Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the + rate at which TCP sends out a keepalive message + when keepalive is enabled. Valid values are 30-432000 + (inclusive). Maps to net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the + maximum number of queued connection requests that + have still not received an acknowledgment from the + connecting client. If this number is exceeded, the + kernel will begin dropping requests. Valid values + are 128-3240000 (inclusive). Maps to net.ipv4.tcp_max_syn_backlog. 
+ maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal + number of timewait sockets held by system simultaneously. + If this number is exceeded, time-wait socket is + immediately destroyed and warning is printed. Valid + values are 8000-1440000 (inclusive). Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to + reuse TIME-WAIT sockets for new connections when + it's safe from protocol viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the + frequency of the probes sent out. Multiplied by + tcpKeepaliveprobes, it makes up the time to kill + a connection that isn't responding, after probes + started. Valid values are 1-75 (inclusive). Maps + to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies + the size of hash table used by nf_conntrack module + to record the established connection record of the + TCP protocol. Valid values are 65536-147456 (inclusive). + Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies + the maximum number of connections supported by the + nf_conntrack module or the size of connection tracking + table. Valid values are 131072-1048576 (inclusive). + Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number + of memory map areas a process may have. Maps to + vm.max_map_count. Valid values are 65530-262144 + (inclusive). 
+ maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness + of the kernel in swapping memory pages. Higher values + will increase aggressiveness, lower values decrease + the amount of swap. Valid values are 0-100 (inclusive). + Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage + value that controls tendency of the kernel to reclaim + the memory, which is used for caching of directory + and inode objects. Valid values are 1-500 (inclusive). + Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether + the kernel should make aggressive use of memory compaction + to make more hugepages available. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various + modes of Transparent Hugepages. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. + \n [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' 
+ enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of + the nodes present in node pool. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP + prefix resource ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine + in this agent pool. If you specify 0, it will apply the + default osDisk size according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each + node in the pool. Allowed values are 'Ephemeral' and 'Managed' + (default). Immutable. See also [AKS doc]. \n [AKS doc]: + https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating + system. Default to Linux. Possible values include: 'Linux', + 'Windows'. 'Windows' requires the AzureManagedControlPlane's + `spec.networkPlugin` to be `azure`. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler + behavior. Default to Delete. Possible values include: ''Deallocate'', + ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority + value. Default to Regular. 
Possible values include: ''Regular'', + ''Spot'' Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters + for the node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for + auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for + auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. + Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot + instance. Possible values are any decimal value greater + than zero or -1. If you set the max price to be -1, the + VM won't be evicted based on price. The price for the VM + will be the current price for spot or the price for a standard + VM, which ever is less, as long as there's capacity and + quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present + in this agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. 
+ properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: bastionhosts.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: BastionHost + listKind: BastionHostList + plural: bastionhosts + singular: bastionhost + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' 
+ items: + description: IP configuration of an Bastion Host. + properties: + name: + description: 'Name: Name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + privateIPAllocationMethod: + description: 'PrivateIPAllocationMethod: Private IP allocation + method.' + enum: + - Dynamic + - Static + type: string + publicIPAddress: + description: 'PublicIPAddress: Reference of the PublicIP resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: 'Subnet: Reference of the subnet resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + required: + - publicIPAddress + - subnet + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + maximum: 50 + minimum: 2 + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + enum: + - Basic + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Bastion Host resource. 
+ properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' 
+ type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the bastion + host resource.' + type: string + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.BastionHost Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.BastionHost_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + privateIPAllocationMethod: + type: string + publicIPAddress: + description: Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku The sku of this + Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.BastionHost_STATUS Bastion + Host resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + etag: + type: string + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration_STATUS + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku_STATUS The sku of + this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: fleetsmembers.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: FleetsMember + listKind: FleetsMemberList + plural: fleetsmembers + singular: fleetsmember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + clusterResourceReference: + description: 'ClusterResourceReference: The ARM resource id of the + cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/Fleet + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + description: 'ClusterResourceId: The ARM resource id of the cluster + that joins the Fleet. Must be a valid Azure resource id. e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' 
+ type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + description: 'ETag: If eTag is provided in the response body, it may + also be provided as a header per the normal etag convention. Entity + tags are used for comparing two or more entities from the same requested + resource. 
HTTP/1.1 uses entity tags in the etag (section 14.19), + If-Match (section 14.24), If-None-Match (section 14.26), and If-Range + (section 14.27) header fields.' + type: string + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + type: string + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + name: + description: 'Name: The name of the resource' + type: string + provisioningState: + description: 'ProvisioningState: The status of the last operation.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230315preview.FleetsMember Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230315preview.Fleets_Member_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + clusterResourceReference: + description: 'ClusterResourceReference: The ARM resource id of the + cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. 
The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/Fleet + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + description: Storage version of v1api20230315preview.Fleets_Member_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clusterResourceId: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + systemData: + description: Storage version of v1api20230315preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' 
+ type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. 
A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. 
Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. 
If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' 
+ properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. 
No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
+ type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' 
+ items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. 
+ properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' 
+ pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' 
+ maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Basic + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' 
+ type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. 
For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' 
+ type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
+ properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' 
+ properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. 
+ Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' 
+ properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + 
ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: 
PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. 
Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. 
+ Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. 
This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' 
+ type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' 
+ type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 
+ 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. 
For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' 
+ type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' 
+ type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. 
For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' 
+ type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' 
+ type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
+ type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' 
+ properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' 
+ type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. 
See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the 
form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation The + complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: Storage version of v1api20230201.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' 
+ type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs + of the application security groups which agent pool will + associate when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. 
By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: 'DnsZoneResourceReference: Resource ID of the + DNS Zone to be associated with the web app. Used only when + Web App Routing is enabled.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). 
The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. 
The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. 
When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' 
+ items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' 
+ properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off, this field + will be exactly equal to it. If orchestratorVersion was , + this field will contain the full version + being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + type: string + osType: + description: 'OsType: The operating system type. 
The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. 
For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. 
+ Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. 
+ Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' 
+ type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: 'EffectiveNoProxy: A read-only list of all endpoints + for which traffic should not be sent to the proxy. This list + is a superset of noProxy and values injected by AKS.' + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' 
+ properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: 'DnsZoneResourceId: Resource ID of the DNS Zone + to be associated with the web app. Used only when Web App + Routing is enabled.' 
+ type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: 'Identity: Managed identity of the Web Application + Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure + DNS resource and get certificates from Azure Key Vault. + See [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) + for more instructions.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. 
May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' 
+ properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' 
+ items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' 
+ type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' 
+ type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' 
+ type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. 
May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' 
+ enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time + (in minutes) to wait on eviction of pods and graceful + termination per node. This eviction wait time honors waiting + on pod disruption budgets. If this time is exceeded, the + upgrade fails. If not specified, the default is 30 minutes.' + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. 
For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' 
+ type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. 
Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' 
+ properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' 
+ type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' 
+ pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: 'DelegatedResources: The delegated identity resources + assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one + delegated identity resource. Internal use only.' + type: object + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. 
For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. 
See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. 
Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. 
See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. 
+ `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: 'CertificateAuthority: Istio Service Mesh Certificate + Authority (CA) configuration. 
For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca' + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. 
+ properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: 'Revisions: The list of revisions of the Istio + control plane. When an upgrade is not in progress, this + holds one value. When canary upgrade is in progress, this + can only hold two consecutive values. For more information, + see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade' + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' 
+ type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: 'ForceUpgrade: Whether to force upgrade the cluster. + Note that this option instructs upgrade operation to bypass + upgrade protections such as checking for deprecated API + usage. Enable this option only with caution.' + type: boolean + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. 
If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. 
Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
+ type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 
1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. 
An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time + (in minutes) to wait on eviction of pods and graceful + termination per node. This eviction wait time honors waiting + on pod disruption budgets. If this time is exceeded, the + upgrade fails. If not specified, the default is 30 minutes.' 
+ type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' 
+ items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' 
+ properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. 
Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). 
PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' 
+ type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: 'DelegatedResources: The delegated identity resources + assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one + delegated identity resource. Internal use only.' + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' 
+ type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' 
+ type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' 
+ type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: 'ResourceUID: The resourceUID uniquely identifies ManagedClusters + that reuse ARM ResourceIds (i.e: create, delete, create sequence)' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. 
+ `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: 'CertificateAuthority: Istio Service Mesh Certificate + Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca' + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. 
For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: 'Revisions: The list of revisions of the Istio + control plane. When an upgrade is not in progress, this + holds one value. When canary upgrade is in progress, this + can only hold two consecutive values. For more information, + see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade' + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: 'ForceUpgrade: Whether to force upgrade the cluster. + Note that this option instructs upgrade operation to bypass + upgrade protections such as checking for deprecated API + usage. Enable this option only with caution.' + type: boolean + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20231001.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20231001.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20231001.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20231001.ExtendedLocation The + complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20231001.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: Storage version of v1api20231001.DelegatedResource + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20231001.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20231001.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20231001.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20231001.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20231001.ContainerServiceNetworkProfile + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20231001.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20231001.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20231001.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20231001.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: Storage version of v1api20231001.ServiceMeshProfile Service + mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + istio: + description: Storage version of v1api20231001.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: Storage version of v1api20231001.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. + For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + plugin: + description: Storage version of v1api20231001.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: Storage version of v1api20231001.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + egressGateways: + items: + description: Storage version of v1api20231001.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: Storage version of v1api20231001.IstioIngressGateway + Istio ingress gateway configuration. 
For now, we support + up to one external ingress gateway named `aks-istio-ingressgateway-external` + and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20231001.ManagedClusterSKU The + SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20231001.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: Storage version of v1api20231001.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: Storage version of v1api20231001.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: Storage version of v1api20231001.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20231001.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information 
that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20231001.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: Storage version of v1api20231001.DelegatedResource_STATUS + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20231001.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20231001.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + securityProfile: + description: Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: Storage version of v1api20231001.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + istio: + description: Storage version of v1api20231001.IstioServiceMesh_STATUS + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. + For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + plugin: + description: Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: Storage version of v1api20231001.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + egressGateways: + items: + description: Storage version of v1api20231001.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: Storage version of v1api20231001.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support + up to one external ingress gateway named `aks-istio-ingressgateway-external` + and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20231001.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: Storage version of v1api20231001.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: 
.status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' 
+ type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node pool version + cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' 
+ enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. 
The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within + two minor versions of the control plane version. 
The node pool version + cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is Running + or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' 
+ type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. 
This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' 
+ enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. 
For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data used + when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. 
+ If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion was + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. 
It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. 
Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. 
A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). 
If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag Contains + the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20230202preview.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + 
vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. 
+ A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). 
+ The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' 
+ type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. 
The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time (in minutes) + to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. + If this time is exceeded, the upgrade fails. If not specified, + the default is 30 minutes.' + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' 
+ type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' 
+ type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 
1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. 
An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time (in minutes) + to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. + If this time is exceeded, the upgrade fails. 
If not specified, + the default is 30 minutes.' + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20231001.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData Data used + when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig Sysctl + settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange The + port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. 
The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20231001.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag_STATUS Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20231001.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + 
that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: natgateways.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' 
+ items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' + type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' 
+ items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.NatGateway Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: Storage version of v1api20220701.NatGatewaySku SKU of + nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20220701.NatGateway_STATUS Nat Gateway + resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: privateendpoints.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + 
port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: PrivateEndpoint + listKind: PrivateEndpointList + plural: privateendpoints + singular: privateendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + ipConfigurations: + description: 'IpConfigurations: A list of IP configurations of the + private endpoint. This will be used to map to the First Party Service''s + endpoints.' + items: + description: An IP Configuration of the private endpoint. 
+ properties: + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: 'ManualPrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource. Used when the network + admin does not have access to approve connections to the remote + resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' 
+ type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: object + type: array + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' 
+ items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: object + type: array + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Private endpoint resource. + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + description: 'CustomDnsConfigs: An array of custom dns configurations.' + items: + description: Contains custom Dns resolution configuration from customer. 
+ properties: + fqdn: + description: 'Fqdn: Fqdn that resolves to private endpoint ip + address.' + type: string + ipAddresses: + description: 'IpAddresses: A list of private ip addresses of + the private endpoint.' + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: A list of IP configurations of the + private endpoint. This will be used to map to the First Party Service''s + endpoints.' + items: + description: An IP Configuration of the private endpoint. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: 'ManualPrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource. Used when the network + admin does not have access to approve connections to the remote + resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' 
+ type: string + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + name: + description: 'Name: Resource name.' + type: string + networkInterfaces: + description: 'NetworkInterfaces: An array of references to the network + interfaces created for this private endpoint.' + items: + description: A network interface in a resource group. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' 
+ type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the private + endpoint resource.' + type: string + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.PrivateEndpoint Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.PrivateEndpoint_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. 
This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + customNetworkInterfaceName: + type: string + extendedLocation: + description: Storage version of v1api20220701.ExtendedLocation ExtendedLocation + complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipConfigurations: + items: + description: Storage version of v1api20220701.PrivateEndpointIPConfiguration + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection + between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + subnet: + description: Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Private endpoint resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. 
Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + items: + description: Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS + Contains custom Dns resolution configuration from customer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fqdn: + type: string + ipAddresses: + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + type: string + etag: + type: string + extendedLocation: + description: Storage version of v1api20220701.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + name: + type: string + networkInterfaces: + items: + description: Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded + A network interface in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + provisioningState: + type: string + subnet: + description: Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: resourcegroups.resources.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: resourcegroups + singular: resourcegroup + preserveUnknownFields: false + scope: Namespaced + 
versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' 
+ type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20200601.ResourceGroup Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: Storage version of v1api20200601.ResourceGroup_STATUS Resource + group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: virtualnetworks.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetwork + listKind: VirtualNetworkList + plural: virtualnetworks + singular: virtualnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + required: + - virtualNetworkCommunity + type: object + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: 'EnableDdosProtection: Indicates if DDoS protection is + enabled for all the protected resources in the virtual network. + It requires a DDoS protection plan associated with the resource.' + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + required: + - name + - type + type: object + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' 
+ type: object + required: + - owner + type: object + status: + description: Virtual Network resource. + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + regionalCommunity: + description: 'RegionalCommunity: The BGP community associated + with the region of the virtual network.' + type: string + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: 'EnableDdosProtection: Indicates if DDoS protection is + enabled for all the protected resources in the virtual network. + It requires a DDoS protection plan associated with the resource.' + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the virtual + network resource.' + type: string + resourceGuid: + description: 'ResourceGuid: The resourceGuid property of the Virtual + Network resource.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20201101.VirtualNetwork Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetwork_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressSpace: + description: Storage version of v1api20201101.AddressSpace AddressSpace + contains an array of IP address ranges that can be used by subnets + of the virtual network. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + bgpCommunities: + description: Storage version of v1api20201101.VirtualNetworkBgpCommunities + Bgp Communities sent over ExpressRoute with each route corresponding + to a prefix in this VNET. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + virtualNetworkCommunity: + type: string + type: object + ddosProtectionPlan: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: Storage version of v1api20201101.DhcpOptions DhcpOptions + contains an array of DNS servers available to VMs deployed in the + virtual network. Standard DHCP option for a subnet overrides VNET + DHCP options. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + extendedLocation: + description: Storage version of v1api20201101.ExtendedLocation ExtendedLocation + complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetwork_STATUS Virtual + Network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressSpace: + description: Storage version of v1api20201101.AddressSpace_STATUS + AddressSpace contains an array of IP address ranges that can be + used by subnets of the virtual network. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + bgpCommunities: + description: Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS + Bgp Communities sent over ExpressRoute with each route corresponding + to a prefix in this VNET. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + regionalCommunity: + type: string + virtualNetworkCommunity: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: Storage version of v1api20201101.SubResource_STATUS Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + dhcpOptions: + description: Storage version of v1api20201101.DhcpOptions_STATUS DhcpOptions + contains an array of DNS servers available to VMs deployed in the + virtual network. Standard DHCP option for a subnet overrides VNET + DHCP options. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + etag: + type: string + extendedLocation: + description: Storage version of v1api20201101.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + resourceGuid: + type: string + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: virtualnetworkssubnets.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetworksSubnet + listKind: VirtualNetworksSubnetList + plural: virtualnetworkssubnets + singular: virtualnetworkssubnet + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: object + type: array + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a network.azure.com/VirtualNetwork + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' + enum: + - Disabled + - Enabled + type: string + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' 
+ enum: + - Disabled + - Enabled + type: string + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. + properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + required: + - owner + type: object + status: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + actions: + description: 'Actions: The actions permitted to the service + upon delegation.' + items: + type: string + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service delegation resource.' 
+ type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: + description: 'Type: Resource type.' + type: string + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurationProfiles: + description: 'IpConfigurationProfiles: Array of IP configuration profiles + which reference this subnet.' + items: + description: IP configuration profile child resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurations: + description: 'IpConfigurations: An array of references to the network + interface IP configurations using subnet.' + items: + description: IP configuration. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' 
+ type: string + privateEndpoints: + description: 'PrivateEndpoints: An array of references to private + endpoints.' + items: + description: Private endpoint resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the subnet + resource.' + type: string + purpose: + description: 'Purpose: A read-only string identifying the intention + of use for this subnet based on delegations and other user-defined + properties.' + type: string + resourceNavigationLinks: + description: 'ResourceNavigationLinks: An array of references to the + external resources using subnet.' + items: + description: ResourceNavigationLink resource. + properties: + id: + description: 'Id: Resource navigation link identifier.' + type: string + type: object + type: array + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + serviceAssociationLinks: + description: 'ServiceAssociationLinks: An array of references to services + injecting into this subnet.' + items: + description: ServiceAssociationLink resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. 
+ properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service endpoint resource.' + type: string + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20201101.VirtualNetworksSubnet Generator + information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public + and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + delegations: + items: + description: Storage version of v1api20201101.Delegation Details + the service to which the subnet is delegated. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + serviceName: + type: string + type: object + type: array + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a network.azure.com/VirtualNetwork + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateLinkServiceNetworkPolicies: + type: string + routeTable: + description: Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + items: + description: Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + items: + description: Storage version of v1api20201101.ServiceEndpointPropertiesFormat + The service endpoint properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + service: + type: string + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public + and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + items: + description: Storage version of v1api20201101.Delegation_STATUS + Details the service to which the subnet is delegated. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actions: + items: + type: string + type: array + etag: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + serviceName: + type: string + type: + type: string + type: object + type: array + etag: + type: string + id: + type: string + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurationProfiles: + items: + description: Storage version of v1api20201101.IPConfigurationProfile_STATUS + IP configuration profile child resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurations: + items: + description: Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + name: + type: string + natGateway: + description: Storage version of v1api20201101.SubResource_STATUS Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + networkSecurityGroup: + description: Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateEndpoints: + items: + description: Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Private endpoint resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + type: string + provisioningState: + type: string + purpose: + type: string + resourceNavigationLinks: + items: + description: Storage version of v1api20201101.ResourceNavigationLink_STATUS + ResourceNavigationLink resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + routeTable: + description: Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + serviceAssociationLinks: + items: + description: Storage version of v1api20201101.ServiceAssociationLink_STATUS + ServiceAssociationLink resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpointPolicies: + items: + description: Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpoints: + items: + description: Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS + The service endpoint properties. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + provisioningState: + type: string + service: + type: string + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: azureserviceoperator-leader-election-role + 
namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - apimanagement.azure.com + resources: + - apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com 
+ resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: 
+ - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - profilesendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups/finalizers + - containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- 
apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + 
resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - 
mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + - mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + 
verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - 
scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - 
federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + 
- update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update 
+- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + 
resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - 
network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords 
+ verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - 
trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - 
patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - 
serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update 
+ - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + 
resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - 
workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + 
- cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusteridentities + - azureclusteridentities/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + - natgateways + - privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/status + - natgateways/status + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - network.azure.com + resources: + 
- privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: azureserviceoperator-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capz-leader-election-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + 
namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-proxy-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-manager-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: aso-controller-settings + namespace: capz-system +stringData: + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} + AZURE_CLIENT_ID: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} + AZURE_SUBSCRIPTION_ID: "" + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} + AZURE_TENANT_ID: "" +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: capz-system +spec: + ports: + - name: metrics + port: 8080 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: azureserviceoperator-proxy-service + namespace: capz-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: azureserviceoperator-webhook-service + namespace: 
capz-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-azure +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-pattern= + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_ID + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_SECRET + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: AZURE_TENANT_ID + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: AZURE_SUBSCRIPTION_ID + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + 
optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: mcr.microsoft.com/k8s/azureserviceoperator:v2.5.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8080 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - 
--upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + name: capz-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + azure.workload.identity/use: "true" + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false} + - --v=0 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/cluster-api-azure/cluster-api-azure-controller:v1.13.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + 
initialDelaySeconds: 10 + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/secrets/azure/tokens + name: azure-identity-token + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capz-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capz-webhook-service-cert + - name: azure-identity-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity-token +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: azureserviceoperator-serving-cert + namespace: capz-system +spec: + dnsNames: + - azureserviceoperator-webhook-service.capz-system.svc + - azureserviceoperator-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: azureserviceoperator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-serving-cert + namespace: capz-system +spec: + dnsNames: + - capz-webhook-service.capz-system.svc + - capz-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capz-selfsigned-issuer + 
secretName: capz-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: azureserviceoperator-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: 
+ - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + 
- apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + 
resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system 
+ path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - 
containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - 
apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail 
+ matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + 
apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + 
- CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - 
v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: 
Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - 
insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + 
- UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + 
rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com 
+ rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + 
operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: 
+ - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - 
namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + 
resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + 
resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - 
CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + 
- storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: 
default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + 
name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - 
v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - 
UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - 
configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + 
resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system 
+ path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: 
+ - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: 
Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancer + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + 
- namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + 
apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + 
operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: 
+ - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - 
CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + 
- apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-site + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclusteridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclusteridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusteridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: 
+ - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster + failurePolicy: Fail + name: validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedclustertemplate + failurePolicy: Fail + name: validation.azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - azuremanagedclustertemplates + 
sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: validation.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE 
+ - UPDATE + - DELETE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine + failurePolicy: Fail + name: azuremachinepoolmachine.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepoolmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None diff --git a/files/cluster-api-provider-azure/v1.13.1/metadata.yaml b/files/cluster-api-provider-azure/v1.13.1/metadata.yaml new file mode 100644 index 00000000..f6120285 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.1/metadata.yaml 
@@ -0,0 +1,58 @@
+# maps release series of major.minor to cluster-api contract version
+# the contract version may change between minor or major versions, but *not*
+# between patch versions.
+#
+# update this file only when a new major or minor version is released
+apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+releaseSeries:
+ - major: 0
+ minor: 3
+ contract: v1alpha2
+ - major: 0
+ minor: 4
+ contract: v1alpha3
+ - major: 0
+ minor: 5
+ contract: v1alpha4
+ - major: 1
+ minor: 0
+ contract: v1beta1
+ - major: 1
+ minor: 1
+ contract: v1beta1
+ - major: 1
+ minor: 2
+ contract: v1beta1
+ - major: 1
+ minor: 3
+ contract: v1beta1
+ - major: 1
+ minor: 4
+ contract: v1beta1
+ - major: 1
+ minor: 5
+ contract: v1beta1
+ - major: 1
+ minor: 6
+ contract: v1beta1
+ - major: 1
+ minor: 7
+ contract: v1beta1
+ - major: 1
+ minor: 8
+ contract: v1beta1
+ - major: 1
+ minor: 9
+ contract: v1beta1
+ - major: 1
+ minor: 10
+ contract: v1beta1
+ - major: 1
+ minor: 11
+ contract: v1beta1
+ - major: 1
+ minor: 12
+ contract: v1beta1
+ - major: 1
+ minor: 13
+ contract: v1beta1